A homomorphic encryption device includes: a recryption parameter generating circuit, a recryption circuit, and an arithmetic circuit. The recryption parameter generating circuit is configured to generate a recryption parameter including a plurality of recryption levels respectively for a plurality of ciphertexts based on an arithmetic scenario including information about an arithmetic schedule between the plurality of ciphertexts. The recryption circuit is configured to generate a plurality of recrypted ciphertexts by recrypting each of the plurality of ciphertexts to a corresponding recryption level based on the recryption parameter. The arithmetic circuit is configured to output an arithmetic result by performing operations by using the plurality of recrypted ciphertexts, according to the arithmetic scenario.

A method is disclosed of secure data transmission comprising sending a data request from a client device to a server device, the data request comprising a first share of a first encryption key, and a first location in the database at which is located desired double-encrypted data; receiving the sent data request at the server device; extracting, at the server device, the first share and the first location from the received data request; obtaining, at the server device, the desired double-encrypted data from the database using the extracted first location; generating, at the server device, the first encryption key using the extracted first share and one or more additional shares of the first encryption key held by the server device; and decrypting, at the server device, the obtained desired double-encrypted data using the generated first encryption key to form single-encrypted data.

A method is disclosed of secure data transmission comprising sending a data request from a client device to a server device, the data request comprising a first share of a first encryption key, and a first location in the database at which is located desired double-encrypted data; receiving the sent data request at the server device; extracting, at the server device, the first share and the first location from the received data request; obtaining, at the server device, the desired double-encrypted data from the database using the extracted first location; generating, at the server device, the first encryption key using the extracted first share and one or more additional shares of the first encryption key held by the server device; and decrypting, at the server device, the obtained desired double-encrypted data using the generated first encryption key to form single-encrypted data.

A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. According to another feature, secure transaction processing is facilitated by storing cryptographic key materials in secure and trusted computing environments associated with the computing nodes to facilitate construction of trust chains for transaction requests and their associated responses.

A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. According to another feature, secure transaction processing is facilitated by storing cryptographic key materials in secure and trusted computing environments associated with the computing nodes to facilitate construction of trust chains for transaction requests and their associated responses.

The disclosed embodiments relate to virtual distributed ledger networks provisioning using distributed ledger technology. In one embodiment, a system is disclosed, comprising a hardware processor and a memory device storing instructions executable by the hardware processor to perform operations. The operations comprise creating one or more virtual machines, and executing a plurality of microservices via the one or more virtual machines. At least two of the plurality of microservices are associated with different distributed ledger technology networks. The plurality of microservices include an event routing manager microservice configured to receive a smart contract microservice request and to route events between microservices, a smart contract execution microservice configured to execute a smart contract associated with the smart contract microservice request, and a transaction resource manager microservice configured to commit an outcome of the smart contract execution microservice to a distributed ledger associated with one of the different distributed ledger technology networks.

Disclosed is a highly available distributed key management system (KMS). The system receives a request for an encrypted data encryption key (DEK) from a user at an instance of the KMS. The instance of the KMS generates a blob that is signed with a symmetric key, and negotiated keys based on a key agreement scheme between the instance of the KMS and another instance of the KMS. The negotiation steps are performed using different public/private key pairings, while producing equivalent negotiated keys shared between KMS instances. This blob is sent to the user where it is stored by the user. Subsequently, when the user needs a decrypted DEK, the user may send this blob to any instance of the KMS and obtain a decrypted DEK for use in encrypting user data.

A computing device (e.g., an FPGA or integrated circuit) processes an incoming packet comprising data to compute a Galois hash. The computing device includes a plurality of circuits, each circuit providing a respective result used to determine the Galois hash, and each circuit including: a first multiplier configured to receive a portion of the data; a first exclusive-OR gate configured to receive an output of the first multiplier as a first input, and to provide the respective result; and a second multiplier configured to receive an output of the first exclusive-OR gate, wherein the first exclusive-OR gate is further configured to receive an output of the second multiplier as a second input. In one embodiment, the computing device further comprises a second exclusive-OR gate configured to output the Galois hash, wherein each respective result is provided as an input to the second exclusive-OR gate.

A programmable logic device that is interposed between a client device and a database server is provided. The client device may issue read and write queries to the programmable logic device. The programmable logic device may serve as a cache. For read queries, confidential data that is stored locally on the programmable device or retrieved from the database server may be encrypted before sending it back to the client device. Non-confidential data may be left unencrypted and can be sent back to the client device in unencrypted form. The programmable logic device may be partially reconfigured during runtime to update database securities settings without causing unnecessary downtime for the overall system.

A programmable logic device that is interposed between a client device and a database server is provided. The client device may issue read and write queries to the programmable logic device. The programmable logic device may serve as a cache. For read queries, confidential data that is stored locally on the programmable device or retrieved from the database server may be encrypted before sending it back to the client device. Non-confidential data may be left unencrypted and can be sent back to the client device in unencrypted form. The programmable logic device may be partially reconfigured during runtime to update database securities settings without causing unnecessary downtime for the overall system.