Patent classifications
H04L2209/08
VIRTUAL ENIGMA CIPHER
A virtual enigma cipher system is described herein that allows for symmetric encryption and decryption of data. During encryption, a plurality of wheels representing sequences of data are used to encrypt a message. The plurality of wheels includes at least one dynamic wheel, which is generated based on a password, and a plurality of static wheels. During encryption, the unencrypted message is iterated from beginning to end. During each step of iteration, the encrypted payload value for a particular position is determined by performing an exclusive or (XOR) operation between the value of the unencrypted message at the position, and the values of the wheels at their respective wheel pointer positions. The particular position is then incremented, as are the wheel pointer positions, and iteration continues until the entire unencrypted message has been encrypted as part of the encrypted payload. Padding data and the message length are appended to the encrypted payload. During decryption, the steps are reversed.
Sharing an object using the scattered storage system with high-entropy credentials
A method and apparatus of a device that stores an object on a plurality of storage servers is described. In an exemplary embodiment, the device shares an object between a first user and a second user stored in a secure virtual storage space. In this embodiment, the device stores an object in a secure virtual storage space, where the object is encrypted using an object key and is stored as a first plurality of different randomized bit vectors stored in a first plurality of storage servers in the secure virtual storage space. In addition, the device retrieves a private first user key from a client and retrieves a public second user key from the secure virtual storage space. Furthermore, the device creates a datagram key from the private first user key and the public second user key. The device additionally encrypts the object key using the datagram key to generate a datagram. In addition, the device stores the datagram in the secure virtual storage space, where the datagram is stored as a second plurality of different randomized bit vectors stored in a second plurality of storage servers in the secure virtual storage space. The device further sends a message to the second user from the first user indicating that the object and datagram are available to be read.
INVERSE-IMAGE SAMPLING DEVICE, INVERSE-IMAGE SAMPLING METHOD, AND INVERSE-IMAGE SAMPLING PROGRAM
A grouping means 11 that extracts basis vectors from a set of basis vectors for a lattice having a predetermined relationship with a matrix used to generate a public key, and that groups the basis vectors such that a predetermined condition is satisfied. A sampling means 12 that samples, for at least one group, the same number of arbitrary values as the number of a plurality of basis vectors included in that group, in parallel for the individual basis vectors, onto a lattice constituted by the plurality of basis vectors, the arbitrary values serving as random numbers following a discrete Gaussian distribution. The predetermined condition is that each of the basis vectors included in a group is orthogonal to the other basis vectors included in the same group and is also orthogonal to Gram-Schmidt basis vectors, which are vectors obtained by orthogonalizing the other basis vectors by Gram-Schmidt orthogonalization.
Mitigation of Side-Channel Attacks using Small-Overhead Random Pre-Charging
An electronic device includes a combinational logic circuit, one or more state-sampling components, and protection circuitry. The combinational logic circuit has one or more inputs and one or more outputs. The state-sampling components are configured to sample the outputs of the combinational logic circuit at successive clock cycles. The protection circuitry is configured to protect the combinational logic circuit by, per clock cycle, starting to apply random data to the inputs of the combinational logic circuit a given time duration before a sampling time of the state-sampling components for that clock cycle, and, after applying the random data, switching to apply functional data to the inputs of the combinational logic circuit, to be sampled by the state-sampling components. A propagation delay, over any signal path via the combinational logic circuit, is no less than the given time duration.
ENCRYPTION AND DECRYPTION TECHNIQUES USING SHUFFLE FUNCTION
Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to detokenize encryption data and perform rounds of decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.
SYSTEM AND METHOD FOR INFORMATION PROTECTION
A computer-implemented method comprises: committing a transaction amount t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising at least a transaction blinding factor r_t; encrypting a combination of the transaction blinding factor r_t and the transaction amount t with a public key PK_B of a recipient of the transaction; and transmitting the transaction commitment value T and the encrypted combination to a recipient node associated with the recipient for the recipient node to verify the transaction.
RANDOM NUMBER GENERATION DEVICE, RANDOM NUMBER GENERATION METHOD, ENCRYPTION DEVICE, AND NON-TRANSITORY RECORDING MEDIUM
Provided are a random number generation device and the like capable of calculating a high precision random number using a memory capacity selected irrespective of the precision of the random number. A random number calculation device is configured to generate first random numbers based on given number and specify, for the given number of second random numbers in a target numeric extent, bin range depending on the first random numbers based on frequency information representing cumulative frequency regarding a frequency of numeric extent including respective second random numbers among given numeric extents, the numeric extent being determined in accordance with a desirable precision.
APPARATUS AND METHOD OF GENERATING RANDOM NUMBERS
Aspects of the present disclosure relate to an apparatus comprising analogue circuitry comprising an entropy source, the entropy source being configured to provide a random output. The apparatus comprises first digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, and second digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, the second digital circuitry being a duplicate of the first digital circuitry. The apparatus comprises difference detection circuitry to determine a difference of operation between the first digital circuitry and the second digital circuitry. Each of the first digital circuitry and the second digital circuitry comprises entropy checking circuitry to check the entropy of the output of the entropy source.
Systems and methods for tokenization to support pseudonymization of sensitive data
Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.
Data protection management system compliant identification handling
An alias key is generated for each person identification (ID) in a database table. The alias key is used to look up the corresponding person ID in the database table. In addition, for each alias key, a temporary alias key is generated that is used to look up the corresponding alias key in the database table. A plurality of queries are received from at least one remote client that each specify at least one of the temporary alias keys. Data is later transmitted to the at least one remote client that is responsive to the queries. Related apparatus, systems, techniques and articles are also described.