H04L2209/08

Verifiable secret shuffle protocol for encrypted data based on homomorphic encryption and secret sharing
11356241 · 2022-06-07

The present disclosure involves systems, software, and computer implemented methods for a verifiable communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations, different blinding values, and use of random secret-shares. A protocol step includes homomorphic operations to shuffle encrypted secret input values so that resulting encrypted secret input values are rerandomized and in a shuffled sequence that is unmapped to an order of receipt by the service provider of the encrypted secret input values.

OBFUSCATING CRYPTOGRAPHIC MATERIAL IN MEMORY
20220171714 · 2022-06-02

Methods and systems disclosed herein describe obfuscating plaintext cryptographic material stored in memory. A random location in an obfuscation buffer may be selected for each byte of the plaintext cryptographic material. The location of each byte of the plaintext cryptographic material may be stored in a position tracking buffer. To recover the scrambled plaintext cryptographic material, the location of each byte of the plaintext cryptographic material may be read from the position tracking buffer. Each byte of the plaintext cryptographic material may then be read from the obfuscation buffer and written to a temporary buffer. When each byte of the plaintext cryptographic material is recovered, the plaintext cryptographic material may be used to perform one or more cryptographic operations. The scrambling techniques described herein reduce the likelihood of a malicious user recovering plaintext cryptographic material while stored in memory.

Fault attack resistant cryptographic systems and methods

Described herein are systems and methods that protect against fault injection attacks. In various embodiments this is accomplished by taking advantage of the fact that an attacker cannot utilize a result that has been faulted to recover a secret. By using infective computation, an error is propagated in a loop such that the faulted value will provide to the attacker no useful information or information from which useful information may be extracted. Faults from a fault attack will be so large that a relatively large number of bits will change. As a result, practically no secret information can be extracted by restoring bits.

Multi-tenant data protection in a centralized network environment

Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

EVOLVING CRYPTOGRAPHY SYSTEM AND METHOD

An evolving encryption circuit for transforming a plain-text data stream into an encrypted data stream, the evolving encryption circuit comprising a confusion box population manager that generates a plurality of confusion boxes, a confusion box population agent that applies at least one evolutionary operator to each of the generated plurality of confusion boxes to create an evolved plurality of confusion boxes, a confusion box fitness evaluator that evaluates a cryptographic fitness of each of the evolved plurality of confusion boxes and assigns a cryptographic fitness measure to each of the evolved plurality of confusion boxes, a confusion box library that stores each one of the evolved plurality of confusion boxes that has an assigned cryptographic fitness measure above a fitness threshold value; and an encryptor block that implements one of the confusion boxes stored in the confusion box library to transform the plain-text data stream into the encrypted data stream.

SYSTEM AND METHOD FOR EVOLVING CRYPTOGRAPHY WITH A PRIVATE TIME BASE

An evolving encryptor system for generating at least one customized user-defined encryption block, the evolving encryptor system comprising an encryptor requirements agent that receives a plurality of encryption block design parameters and then generates a current set of encryption block design requirements based on the received plurality of encryption block design parameters, an encryptor algorithm engine that provides a plurality of different encryption module design templates based on the current set of encryption block design requirements, and an evolving encryptor processor that generates a current plurality of encryption block templates based on the plurality of different encryption module design templates and evaluates a cryptographic fitness of each of the current plurality of encryption block templates and assigns a cryptographic fitness measure to each of the current plurality of encryption block templates, and determines whether a current iteration count is below an iteration threshold value and, if the current iteration count is below the iteration threshold value, conducts a next iteration by generating a next plurality of encryption block templates until both said determined conditions are met, in which case the next plurality of encryption block templates is saved into an encryption block template database as a plurality of elite encryption block templates.

ENCRYPTION CIRCUIT RANDOMNESS INSPECTOR AND METHOD

A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.

Oracle-aided protocol for compact data storage for applications using computations over fully homomorphic encrypted data

Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.

Extra-compact key with reusable common key for encryption

Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix CK consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated and positions of the nT elements of matrix CK are randomized to produce matrix CK(RP). For a packet in the first batch, a first packet vector key is generated based on non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix CK(RP). An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.