Systems and methods for protecting block cipher computation operations, from external monitoring attacks. An example apparatus for implementing a block cipher may comprise: a first register configured to store a first pre-computed mask value represented by a combination of a first random value and a second random value; a second register configured to store an output mask value, wherein the output mask value is an inverse permutation function of the first random value; a third register configured to store a second pre-computed mask value represented by a combination the first pre-computed mask value and a permutation function of the output mask value; a fourth register configured to store an input mask value, wherein the input mask value is a combination of an expansion function of the first random value and a key mask value; a non-linear transformation circuit configured to apply the expansion function to a masked round state, perform a non-linear transformation of a combination of a masked key with an output of the expansion function, and apply the permutation function to the output of the non-linear transformation, wherein the non-linear transformation is defined using the input mask value stored in the fourth register and the output mask value stored in the second register; and two round feedback circuits configured to swap the masked round state produced by the non-linear transformation and combine the masked round state with the first pre-computed mask value stored in the first register and the second pre-computed mask value stored in the third register.

Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.

Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.

Systems and methods that may be used to provide multitenant key derivation and management using a unique protocol in which key derivation may be executed between the server that holds the root key and a client that holds the derivation data and obtains an encryption key. In one or more embodiments, the derivation data may be hashed. The disclosed protocol ensures that the server does not get access to or learn anything about the client's derived key, while the client does not get access to or learn anything about the server's root key.

Disclosed herein are methods, systems, and devices for concealing account balances of permissionless distributed ledgers using multi-chain and/or directed acyclic graph (DAG) based structures, while maintaining publicly verifiable transactions. According to one embodiment, a computer-based method for recording a transaction in a ledger having a transacted amount, a first account balance associated with a sender and a second account balance associated with a receiver is disclosed. The computer-based method includes encrypting the transacted amount using a first shared key, decreasing the first account balance by the transacted amount, encrypting the first account balance with a first private key, increasing the second account balance by the transacted amount, encrypting the second account balance with a second private key.

A circuit includes a cipher accessing a plurality of read-write memory units configured to handle data tables obtained from a modified mask; wherein the modified mask is being determined from an initial mask and a random value, the random value selecting one or more modifications of the initial mask amongst a plurality of predefined modifications including permutation operations. Developments of the invention describe the use of mathematically optimal or equivalent masks; the use of random values; a range of permutation operations comprising offset shifting and/or rotation and/or XOR operations and/or coprime construction; the use of round masks; the use of a Physically Unclonable Function; the refresh or update of modified masks and/or round masks; and verifications of the optimality and/or integrity of masks. System features (e.g. CPU, co-processor, local and/or remotely accessed external memory storing masks, volatile memory) and computer program products are described.

Cryptographic systems and methods are disclosed, including numerous industry applications. Embodiments of the present invention can generate and regenerate the same symmetric key. The cryptographic systems and methods include a key generator configured to use two or more inputs to reproducibly generate the symmetric key and a cryptographic engine configured to use the symmetric key for encrypting and decrypting data.

Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.

A distributed computer network utilizing cryptography that includes one or more processors, wherein the one or more processors are programmed to receive a secret input state and one or more tuples, mask the secret input state with the one or more tuple and utilize a reveal to compute a masked input, compute six multiplications on the masked input, compute multiplication of two secret values to output an intermediate output, mask a third secret value from the intermediate output and reveal the third secret value to compute an interaction, compute a multiparty-computation multiplication with the interaction, and output a final secret value in response to computing the multiparty-computation multiplication.

A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database. By one approach, network elements provisioned with tokens jointly manage the protocol.