A network gateway apparatus monitors Quic user datagram protocol (UDP) Internet Connection (QUIC) packets between a first device and a second device, extracts a version of the QUIC protocol and a connection identification from an unprotected portion of the protected header in response to detecting a QUIC packet having a protected header in use, determines a salt used in encryption of the protected header based on the version of the QUIC protocol, calculates a client initial secret based on the salt and the connection identification, determines an unprotected payload of the QUIC packet based on the client initial secret, a protected payload of the QUIC packet and the unprotected portion of the protected header, and extracts a server name indication (SNI) from the unprotected payload.

A secure multi-party computing system performs a multi-pivot partial sorting operation on a secret shared array of values. The use of multiple pivots supports efficient computations in a multi-party computation setting. Partial sorting determines percentile values without the need for a full sort. The secret shared array is first permuted by a secret random permutation. A multi-pivot sort, which can be a partial sort, is performed on the permuted array to obtain a public sorting permutation. The multi-pivot sort uses oblivious comparisons that produce secret shared Boolean indications of whether one secret shared value is less than another. The Boolean indications are revealed and used to produce the public sorting permutation, which in turn, is applied to the secret random permutation to obtain a secret shared sorting permutation. The secret shared sorting permutation is then applied to the secret shared array to obtain a sorted secret shared result.

This application relates to a synchronization circuit for synchronizing signals used in a threshold implementation operation process performing in an S-box of an encryption circuit. In one aspect, the synchronization circuit includes an enable signal generator configured to generate an enable signal. The synchronization circuit may also include a synchronization unit included in an encryption circuit and located inside an S-box that performs a threshold implementation operation that calculates by dividing bits of an input signal into bits equal to or greater than the number of bits of the input signal. The synchronization unit may be configured to synchronize signals used in a threshold implementation operation process based on the generated enable signal.

A virtual keyboard rendered on a separate computing device is independent of the user's computer. A virtual keyboard displayed on the user's computer screen is blank without any alphanumeric characters. Another virtual keyboard displayed on the user's independent computing device has a randomly generated layout of alphanumeric characters on a keypad. The user enters a password by pressing the blank keys of the blank keyboard on his computer screen with reference to the other virtual keyboard. The position sequence of these entered keys is sent to an application on a remote server computer. The remote server computer shares a virtual keyboard having the randomly generated layout of characters with the independent computing device via an online or off-line technique. When online, an encoded image of the encrypted layout is sent to the client computer and displayed for scanning by the device. When off-line, both the application and the device generate the same random key sequence by using the same pseudo random number generator and the same seed value.

A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key. The processor of the RCC may send the derived key in blind to the client device.

A magnetic sensor array device is comprised of an array of magnetic sensors arranged on a common semiconductor substrate to measure the multi-axis magnetic field of an arbitrary sized region at high speed with high spatial resolution and high magnetic resolution. This invention further improves a multi-axis magnetic sensor array device fabricated on a common semiconductor substrate with additional optimizations to provide for variable spatial resolution, variable magnetic resolution, and a novel secret key derivation.

The present disclosure relates to a method for protecting a first data item applied to a cryptographic algorithm, executed by a processor, wherein said algorithm is a per-round algorithm, with each round processing contents of first, second and third registers, the content of the second register being masked, during first parity rounds, by the content of a fourth register and the content of the third register being masked, during second parity rounds, by the content of a fifth register.

A method for performing privacy-preserving or secure multi-party computations enables multiple parties to collaborate to produce a shared result while preserving the privacy of input data contributed by individual parties. The method can produce a result with a specified high degree of precision or accuracy in relation to an exactly accurate plaintext (non-privacy-preserving) computation of the result, without unduly burdensome amounts of inter-party communication. The multi-party computations can include a Fourier series approximation of a continuous function or an approximation of a continuous function using trigonometric polynomials, for example, in training a machine learning classifier using secret shared input data. The multi-party computations can include a secret share reduction that transforms an instance of computed secret shared data stored in floating-point representation into an equivalent, equivalently precise, and equivalently secure instance of computed secret shared data having a reduced memory storage requirement.

An example system includes a processor to receive an instance of a composite format comprising a masking restriction. The processor can generate a mask for the instance of the composite format based on the masking restriction. The processor can output the generated mask.

A method may include receiving, from a first client, a first message. The first message may be matched to a second user based on a similarity between a first keyword included in the first message and a second keyword included in a profile of a second user. The first keyword may be determined to be similar to the second keyword based on a distance between a first vector representation of the first keyword and a second vector representation of the second keyword not exceeding a threshold value. In response to the first message being matched with the second user, the first message may be sent to a second client associated with the second user. In response to receiving, from the second client, a second message responsive to the first message, the second message may be sent to the first client. Related systems and articles of manufacture are also provided.