Share values for use in a cryptographic operation may be received and the cryptographic operation may be performed based on the share values. A pseudorandom number that is to be used by the cryptographic operation may be identified and the pseudorandom number may be generated based on a portion of the share values that are used in the cryptographic operation. The cryptographic operation may then be performed based on the generated pseudorandom number.

Methods, systems, and media for improving computer security and performance of security are disclosed. In one example, a computer security system comprises a key management monitor, and two key elements comprising a first key element and a second key element. The first key element is stored at a first location address within a computer memory and the second key element is stored at a second location address. The key management monitor is configured to determine or receive a time duration for performing a data dump of contents of the computer memory. In one example, the key management monitor is further configured to control a location of the first key element within the computer memory, wherein the location address of the first key element is changed within a time period that is less than the time duration for performing the data dump of contents of the computer memory.

Systems and methods as described herein may include creating and monitoring workflows in a blockchain network. A workflow may be implemented by using a smart contract or the steps in the workflow may be recorded in a distributed ledger in a blockchain network. Completion of a workflow step may be verified by identifying a blockchain transaction executed by the workflow step performer assigned to the workflow step. The blockchain transaction is associated with encryption keys of the workflow step performer assigned to the workflow step. The completion of the execution of a workflow may be verified by determining whether the status of the last workflow step is complete, and identifying a blockchain transaction associated with encryption keys of the workflow step performer assigned to the last workflow step.

A method and apparatus for obtaining a privacy set intersection are provided. The method may include: encrypting a privacy set of an intersection initiator by using a homomorphic encryption algorithm to generate a cipher text, a cipher text function, a public key, and a private key of the intersection initiator; delivering the cipher text, the cipher text function, and the public key of the intersection initiator to an intersection server; receiving a to-be-decrypted function value of a privacy set of the intersection server from the intersection server; and decrypting the to-be-decrypted function value of the privacy set of the intersection initiator by using the private key, to obtain an intersection element of the privacy set of the intersection initiator and the privacy set of the intersection server.

A security device and an operating method thereof, which generate masking data for masking a key on the basis of a physically unclonable function (PUF), are provided. The security device includes a PUF circuit including a plurality of PUF cells outputting random key data and masking data, a key generator configured to generate a key through post-processing performed on the random key data, and a masking module configured to mask and store the key by using the masking data, wherein the random key data and the masking data are generated by different PUF cells.

Systems and methods are described for encrypting amounts and asset types of a verifiable transaction on a blockchain ledger. For each asset, an asset tag is blinded, multiplied by the amount of the asset, and the product is blinded again to create an encrypted amount of the asset. Both encrypted amount of the asset and a corresponding generated output value are within a value range, and the sum of the encrypted input value and the encrypted output value equals zero. Rangeproofs for each of the encrypted output values are associated with a different public key. Each public key is signed with a ring signature based on a public key of a recipient. A second ring signature is used to verify each asset tag, where the private key of the second ring signature for each asset is a difference between a first blinding value and an output coefficient.

Embodiments described herein provide a method on a mobile electronic device to facilitate the transmission of encrypted user data to a service provider, such as an emergency service provider. An encrypted data repository stores user data to be transmitted to the service provider. A key to decrypt the encrypted data repository is wrapped using a key associated with a publicly trusted certificate for the service provider. In response a request received at the mobile device to initiate an emergency services request, the mobile device can transmit the encrypted data repository and wrapped cryptographic material to a server that is accessible by the service provider.

A client computing device may obtain access to protected resources with a proof-of-possession (Pop) token. The client computing device may request an access token from an authorization server via an application server. The request may include key material (e.g., token binding type, key, and key parameters) that the client computing device possesses or has access to, such as a public key of an asymmetric public/private key pair. In some embodiments, the public key may be a confirmation (CNF) key, which may be added to the access token and JWT signed by the authorization server. The private key may be retained by the client, who may then use the PoP token to prove possession of the private key.

A first input share value, a second input share value, and a third input share value may be received. The first input share value may be converted to a summation or subtraction between an input value and a combination of the second input share value and the third input share value. A random number value may be generated and combined with the second input share value and the third input share value to generate a combined value. Furthermore, a first output share value may be generated based on a combination of the converted first input share value, the combined value, and additional random number values.

Various embodiments include a first node for providing a function to a second node for evaluation, the first node configured to form a first plurality of garbled circuits for the function, each circuit being formed from a circuit representing the function and a respective set of wire keys and including one or more logic operations, one or more input wires for inputting data into the circuit and one or more output wires for outputting the result of the function, wherein each respective set of wire keys comprises a respective subset of wire keys for each input wire and each output wire, each subset of wire keys comprising a plurality of wire keys, each wire key in the plurality being associated with a possible value for the wire; and publish a first list of the first plurality of garbled circuits for the function for access by a plurality of second nodes.