A method for executing, by a circuit, an operation combining first and second input data and providing an output data of the same size, may include generating from the first input data a first input set including all possible data in relation to a size of the first data, generating from the second input data a second input set including all possible data in relation to a size of the second data, and applying the operation to each pair of data including a data of the first input set and a data of the second input set, an output set of the operation including data resulting from the application of the operation to each of the pairs of data.

A method for executing an operation by a circuit, may include using a first mask set of mask parameters including a same number of occurrences of all possible values of a word of an input data in relation to a size thereof, using an input set including for each mask parameter in the first mask set a data obtained by applying XOR operations to the input data and to the mask parameter and providing an output set including all data resulting from the application of the operation to a data in the input set. The output data may be obtained by applying XOR operations to any of the data in the output set and to a respective second mask parameter in a second mask set including a same number of occurrences of all possible values of the second mask parameters in relation to a size of thereof.

A method for executing an operation whereby a first input data, may be combined with a second input data, may include: defining data pairs whereby each data of a first input set is associated with a respective data of a second input set, the data in the first and second input sets may be obtained by applying Exclusive OR (XOR) operations to the first and second input data and to all first and second mask parameters of first and second mask sets; and computing output data by applying the operation to each of the data pairs, to obtain an output set, the first and second mask sets being such that a combination by XOR operations of each pairs of corresponding first and second mask parameters may produce a third mask set, where each mask sets may include a word column having a same number of occurrences of all possible values of the words.

A method for executing by a circuit a bit permutation operation by which bits of an input data are mixed to obtain an output data including at least two words, may include: generating a first mask set including mask parameters, the mask set having one word column per word of the input data, each word column comprising a same number of occurrences of all possible values of one input data word in relation to a size of the input data word; generating an input set by combining the input data with each mask parameter of the first mask set by Exclusive OR (XOR) operations; and computing an output set including output data resulting from the application of the bit permutation operation to each data in the input set, where the first mask set may be generated such that the output set includes columns of output words, and each output word column including a same number of occurrences of all possible values of one output word in relation with a size of the output word.

A computing apparatus outputs .sub.1 and .sub.2 corresponding to a ciphertext x, a capability providing apparatus uses .sub.1 to correctly compute f(.sub.1) with a probability greater than a certain probability and sets the result of the computation as z.sub.1, uses .sub.2 to correctly compute f(.sub.2) with a probability greater than a certain probability and sets the result of the computation as z.sub.2, the computing apparatus generates a computation result u=f(x).sup.bx.sub.1 from z.sub.1, generates a computation result v=f(x).sup.ax.sub.2 from z.sub.2, and outputs u.sup.bv.sup.a if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for xH, X.sub.1 and X.sub.2 are random variables having values in the group G, x.sub.1 is a realization of the random variable X.sub.1, and x.sub.2 is a realization of the random variable X.sub.2.

A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. Multiplicities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, . . . Mx21, Mx22, . . . are formed from the output values a of the affine mapping A.

Systems and methods for privacy-preserving data loss detection include performing a sweep of online information for a candidate data leakage to generate an online data set; performing an analysis of the online data set to determine that the online information is a candidate data leakage; the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise; in response to receiving the host-encrypted data communication, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication, and providing the same to the host; the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; determining whether a match exists between the encrypted database of information and the software agent-encrypted data communication; and based on whether the match exists, the software agent taking a first action or the host taking a second action.

The subject matter described herein includes methods, systems, and computer readable medium for scrambled communication of data to, from, or over a medium. According to one aspect, the subject matter described herein includes a method for communicating data in scrambled form to or over a medium. The method includes receiving analog or digital data to be transmitted to or over a medium. The method further includes modulating samples representing at least signal using the analog or digital data to produce data modulated signal samples. The method further includes scrambling the data modulated signal samples using a predetermined scrambling algorithm. The method further includes transmitting the scrambled data modulated signal samples to or over the medium. The method further includes descrambling samples received from the medium using the inverse of the predetermined scrambling algorithm to obtain the unscrambled modulated signal samples, which can then be demodulated to retrieve original data.

A processor device has an executable implementation of a cryptographic algorithm implemented thereon that is white-box-masked by a function f The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. The affine mapping A is constructed by a construction method coordinated with the invertible mappings c1, c2, and etc.

The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.