The present invention is related to a method for delegation by a client of the creation of an unknown quantum state to a quantum server, the client having a simplified architecture based on a beam splitter, and the delegation method comprising in particular steps of activating an interaction through the beam splitter and masking by means of delays.

Systems and methods for performing cryptographic data processing operations employing non-linear share encoding for protecting from external monitoring attacks. An example method includes: receiving a plurality of shares representing a secret value employed in a cryptographic operation, such that the plurality of shares includes a first share represented by an un-encoded form and a second share represented by an encoded form; producing a transformed form of the second share; and performing the cryptographic operation using the transformed form of the second share.

The present disclosure provides a fluid-optical encryption system and a method thereof. The fluid-optical encryption system uses a fluid surface that changes topology over time to modulate the wave front of an electromagnetic signal in an encryption, decryption, authentication or other communication system. The electromagnetic signal can be pulsed or continuous, coherent or non-coherent, and can be optical or in another wavelength range such as micrometer or infrared. The information carrying signal is either transmitted through the fluid system or reflected off the surface of the fluid system. The fluid system time dependent change can be induced by mechanical vibration in the fluid container, distorting the fluid container, acoustic waves through the fluid, or by surface tension changes at the boundary of the fluid cause by electrowetting or electrostatic effects. The fluid surface can exhibit patterns that oscillate or change periodically, or change in a chaotic manner.

Systems and methods of authentication and encrypted communication between a server and client using independently-generated shared encryption keys are disclosed. Clients with arrays of physical-unclonable-function devices respond to server-issued challenges. The clients derive encryption keys from responses to those challenges generated by measuring PUF devices specified by the challenges. The clients send messages encrypted with the encryption keys to the server. The server independently reproduces the client-generated encryption keys using information about the PUF devices. When the keys match, the clients are authenticated. It may be desirable to inject errors into the challenge responses generated by the clients to improve security. When errors are injected, attackers cannot determine correct challenge responses except by brute force. When a sufficiently large number of errors are introduced, the server has sufficient computational power to successfully authenticate the client, but is computationally infeasible for an attacker to reverse engineer the correct responses.

This disclosure relates generally to systems and methods for masking and unmasking of sensitive data. The present systems and methods solve the problems of consistency of the data masking, by using a random index and a masked index with use of regular expression concept. An additional random key produce different masked data versions, however the original form of the sensitive data is achieved with any masked data version. Plurality of masked data versions are generated by masking the sensitive input dataset, where the plurality of masked data versions comprises same format of the sensitive input dataset. The generated masked data versions are secured and hard to predict the original form of the sensitive input dataset by authorized or unauthorized environments. Also, the present method consume less processing time, as the masking process and the unmasking process make operations on the indexes rather than with the original dataset.

This disclosure describes systems on a chip (SOCs) that prevent side channel attacks (SCAs). The SoCs of this disclosure concurrently operate multi-round encryption and decryption datapaths according to a combined sequence of encryption rounds and decryption rounds. An example SoC of this disclosure includes an engine configured to encrypt transmission (Tx) channel data using a multi-round encryption datapath, and to decrypt encrypted received (Rx) channel data using a multi-round decryption datapath. The SoC further includes a security processor configured to multiplex the multi-round encryption datapath against the multi-round decryption datapath on a round-by-round basis to generate a mixed sequence of encryption rounds and decryption rounds, and to control the engine to encrypt the Tx channel data and decrypt the encrypted Rx channel data according to the mixed sequence of encryption rounds and decryption rounds.

Textual masking for multiparty computation is provided. The method comprises receiving masked input data from a number of contributors, wherein the input data from each contributor has a unique contributor mask value. A unique analyst mask factor is received for each contributor, computed by an analyst as a difference between a uniform analyst mask value and the contributor mask value. An API call is received from the analyst to aggregate the input data from the contributors. The respective analyst mask factors are added to the input data from the contributors, and the data is aggregated and shuffled. Computational results received from the analyst based on the aggregated input data are published. In response to API calls from the contributors, the analyst mask factors are removed from the computational results, wherein computational results received by each contributor are masked only by the respective contributor mask value.

Some embodiments are directed to a public-key encryption device (20) and a private-key decryption device (10). The public-key encryption device is configured to compute a second public-key matrix (u), the second public-key matrix (u) having fewer matrix elements than the first public-key matrix (b) of the private-key decryption device. This reduces computation and bandwidth requirements at the side of the public-key encryption device.

According to an embodiment, an encryption processing device includes a memory and one or more processors. The memory stores a plurality of divided masks to be applied to an input sentence on which mask processing is performed in unit of processing of a predetermined size corresponding to a size of data obtained by dividing target data of encryption processing into a plurality of pieces, the divided masks having a same size as that of data obtained by further dividing the data of the unit of processing. The one or more processors are configured to: read out the plurality of divided masks from the memory at different respective timings, and generate a plurality of first masks by using the read-out divided masks at different respective timings; and execute arithmetic processing on intermediate data of the encryption processing using the plurality of first masks at different respective timings.

A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database. By one approach, network elements provisioned with tokens jointly manage the protocol.