In aspects of variable relinearization in homomorphic encryption, a computing device stores homomorphic encrypted data as a dataset, and implements an encryption application that can perform a multiplication operation on a ciphertext in the homomorphic encrypted data, where the multiplication operation contributes to increase a noise component in the ciphertext. The encryption application can determine a relinearization amount by which to relinearize the ciphertext after the multiplication operation, where the determination is effective to optimize a noise increase in the ciphertext based at least in part on projected subsequent multiplication operations on the ciphertext. The encryption application can then relinearize the ciphertext utilizing the determined relinearization amount that optimizes the noise increase in the ciphertext for optimal relinearization performance.

A method is provided for shuffling an order of a plurality of data blocks. In the method, a random number is generated, the random number corresponding to an index for a data block of the plurality of data blocks, where each data block of the plurality of data blocks has an index that uniquely identifies each data block of the plurality of data blocks. The increment function with a parameter is applied to the random number to generate a new index, the new index corresponds to a data block of the plurality of data blocks. The data block corresponding to the new index is selected as the next data block of a reordering of the plurality of data blocks. The method is iterated until the reordering of the plurality of data blocks is complete.

Input signals may be received. Furthermore, a control signal controlling the implementation of a Differential Power Analysis (DPA) countermeasure may be received. One of the input signals may be transmitted as an output signal based on the control signal. A cryptographic operation may be performed based on the first output signal that is transmitted based on the control signal.

A transmission apparatus and a transmission data protection method thereof are provided. The transmission apparatus stores a data table, a bloom filter, a first randomization array, a plurality of second randomization arrays and an identifier of each of the second randomization arrays. The bloom filter has a plurality of independent hash functions. The transmission apparatus generates a current original datum according to the data table; inputs the current original datum to the bloom filter as a current input datum of the bloom filter to output a current bloom datum; randomizes the current bloom datum according to the first randomization array to generate a current first randomized datum; randomizes the current first randomized datum according to one of the second randomization arrays to generate a current second randomized datum; and transmits a data signal carrying the current second randomized datum and an identification datum to another transmission apparatus.

A randomizer includes a first pseudorandom number generator, a second pseudorandom number generator, and a first logic circuit configured to output a pseudorandom sequence by carrying out an operation on a pseudorandom sequence generated by the first pseudorandom number generator and a pseudorandom sequence generated by the second pseudorandom number generator, and a second logic circuit configured to randomize a data string input to the randomizer based on the pseudorandom sequence output by the first logic circuit.

A method and an apparatus for hardware security to countermeasure side-channel attacks are provided. The method or apparatus may introduce at least one redundant or partial redundant computation having a similar power dissipation profile or an electromagnetic emission profile when compared to that of a genuine operation for cryptographic devices, and/or to reorder the iterations of operations in a different sequence. The redundant or partial redundant computation may be performed by using a different password key and/or a different raw data (e.g., plaintext). The presence of the redundant or partial redundant computation would make side-channel attacks difficult in the sense that genuine or redundant/partial redundant operations are difficult to be clearly identified, hence serving as a countermeasure for hardware security.

This disclosure is related to devices, systems, and techniques for automatically generating software packages to provide Secure Computation as a Service (SCaaS). For example, a computing device includes processing circuitry configured to receive a set of information comprising an indication of a first party and an indication of a second party. Additionally, the processing circuitry is configured to generate, based on the set of information, a first software package corresponding to the first party, the first software package configured to implement a secure computation, and generate, based on the set of information, a second software package corresponding to the second party, the second software package configured to implement the secure computation. Additionally, the processing circuitry is configured to export the first software package and export the second software package, enabling the first party device and the second party device to perform the secure computation.

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium. In one aspect, a method includes receiving, from a content distributor, plan data specifying a set of distribution plans that cause distribution of content. Instructions are transmitted to publishers to submit secret shares of a multi-register sketch representing presentations of the content. A notification that the content distributor has requested an analysis of the presentations of the content is sent to a multi-party computing group. A result share of the analysis of the presentation of the content is received from multiple MPC devices in the MPC group. A set of result shares received from the of MPC devices are transmitted to the content distributor.

Provided is a method for securing a security device against side-channel analysis attacks while performing a sensitive operation. It includes training an attack neural network to perform a side-channel attack against the security device while performing a sensitive operation, creating a training data set for a protective neural network by applying a plurality of elementary protection combinations to the sensitive operation while performing the sensitive operation, training a protective neural network executing on a coprocessor of the security device using the training data set for the protective neural network, and programming the coprocessor of the security device with the set of parameters for the protective neural network. Other embodiments disclosed.

An obfuscation process is described for obfuscating a cryptographic parameter of cryptographic operations such as calculations used in elliptical curve cryptography and elliptical curve point multiplication. Such obfuscation processes may be used for obfuscating device characteristics that might otherwise disclose information about the cryptographic parameter, cryptographic operations or cryptographic operations more generally, such as information sometimes gleaned from side channel attacks and lattice attacks.