A method of providing a distributed scheme for executing a RAM program, without revealing any information regarding the program, the data and the results, according to which the instructions of the program are simulated using SUBLEQ instructions and the execution of the program is divided among a plurality of participating computational resources such as one or more clouds, which do not communicate with each other, while secret sharing all the program's SUBLEQ instructions, to hide their nature of operation and the sequence of operations. Private string matching is secretly performed by comparing strings represented in secret shares, for ensuring the execution of the right instruction sequence. Then arithmetic operations are performed over secret shared bits and branch operations are performed according to the secret shared sign bit of the result.

In one embodiment, a secure computing system comprises a key generation sub-system configured to generate cryptographic keys and corresponding key labels for distribution to computer clusters, each computer cluster including a plurality of respective endpoints, a plurality of quantum key distribution (QKD) devices connected via respective optical fiber connections, and configured to securely distribute the generated cryptographic keys among the computer clusters, and a key orchestration sub-system configured to manage caching of the cryptographic keys in advance of receiving key requests from applications running on ones of the endpoints, and provide respective ones of the cryptographic keys to the applications to enable secure communication among the applications.

A secrecy system and a decryption method of on-chip data stream of nonvolatile FPGA are provided in the present invention. The nonvolatile memory module of the system is configured to only allow the full erase operation. After the full erase operation is finished, the nonvolatile memory module gets into the initial state. Only the operation to the nonvolatile memory module under the initial state is effective, and thereby the encryption region unit is arranged in the nonvolatile memory module. Only the decryption data written into the encryption region unit under the initial state can make the nonvolatile memory module to be readable, so that the decryption of the system is finished, which greatly improves the secrecy precision.

Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.

An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a disposed code importer generating part, a code loader generating part, a memory inner code modifier generating part and a decrypted code caller generating part.

Example implementations include a system of secure decryption by virtualization and translation of physical encryption keys, the system having a key translation memory operable to store at least one physical mapping address corresponding to at least one virtual key address, a physical key memory operable to store at least one physical encryption key at a physical memory address thereof; and a key security engine operable generate at least one key address translation index, obtain, from the key translation memory, the physical mapping address based on the key address translation index and the virtual key address, and retrieve, from the physical key memory, the physical encryption key stored at the physical memory address.

Systems and methods that allow secure application-driven arbitrary compute in storage devices in a cloud-based computing system are provided. A computing system including a compute controller configured to: (1) provide access to host compute resources, and (2) operate in at least one of a first mode or a second mode is provided. The computing system may further include a storage controller configured to provide access to storage systems including storage components, at least one compute component, and at least one cryptographic component. In the first mode, the host compute resources may be configured to execute at least a first operation on at least a first set of data stored in at least one of the storage components. In the second mode, the at least one compute component may be configured to execute at least a second operation on at least a second set of data.

Systems and methods are disclosed including a memory device and a processing device, operatively coupled with the memory device, to perform operations comprising: receiving a write data request to store write data to the memory device; determining a physical block address associated with the write data request; performing a bitwise operation on each bit of the physical block address to generate a seed value; generating an output sequence based on the seed value; performing another bitwise operation on the output sequence and the write data to generate a randomized sequence; and storing, on the memory device, the randomized sequence.

The information processing apparatus stores a cryptographic module and a key that the cryptographic module generated. The information processing apparatus determines whether or not the stored key is a key that a cryptographic module for which integrity is not verified generated. If so, the information processing apparatus updates the key determined to be the key that the cryptographic module for which integrity is not verified generated.

Disclosed in some examples are methods, systems, devices, and machine-readable mediums that provide for techniques for scrambling and/or updating meta-data that enable an efficient internal copyback operation. In some examples, improved data distribution techniques decouple the scrambling key from a physical address to allow for copyback operations while maintaining data distribution requirements across a memory device. The controller may generate a seed value that is used by a scrambling algorithm to scramble the host-data and meta-data prior to the data being written. The seed value is then encoded and written to the page with encoded versions of the scrambled user data and meta-data—the random seed is written without scrambling the random seed.