The invention provides a method and system for authenticating a plaintext message at a sender computing device and verifying the integrity and authenticity of the plaintext message at a receiver computing device. Firstly, the method includes prepending a random string to the plaintext message and then generating a ciphertext corresponding to the plaintext message by encrypting the plaintext message prepended with the random string using an encryption algorithm. The method also includes the step of generating a compressed image of the plaintext message and generates an authentication tag from the compressed image of the plaintext message and the random string. Thereafter, the method transmits both the ciphertext and the authentication tag generated at the sender computing device to the receiver computing device. The receiver computing device, on receiving the ciphertext and the authentication tag corresponding to the plaintext message, verifies the integrity and authenticity of the plaintext message.

Technologies for secure software update include an update server and one or more client computing devices. The update server generates a software release including release components, such as packages and/or bundles, and a version number. The update server generates an integrity hash tree over the software release and a Lamport one-time signature key pair for each node of the integrity hash tree. The update server generates a Merkle signature scheme authentication tree based on the key pairs and signs each node of the integrity hash tree. The update server signs the root of the authentication tree with an anchor private key. A client computing device downloads one or more release components and verifies the release components with the integrity hash tree, the signatures, and the authentication tree. The client computing device verifies the root of the authentication tree with an anchor public key. Other embodiments are described and claimed.

A system includes a plurality of storage units each including a network port operably coupled to the network, where one or more storage vaults is associated with the plurality of storage units and each storage vault of the one or more storage vaults represents a software-constructed grouping of storage units of the plurality of storage units, where the software-constructed grouping of storage units stores encoded data slices, where a data segment is encoded using an information dispersal algorithm to produce the encoded data slices, and where a storage unit: receives, via the network port, a request regarding the data segment stored in the software-constructed grouping of storage units, obtains, from a data structure pertaining to the software-constructed grouping of storage units, information regarding the request, determines whether the request is valid based on the information regarding the request, and when the request is valid, the storage unit executes the request.

An operation apparatus includes a message expansion unit, a state data initiation unit, a state data generation unit, and a chain variable update unit. The message expansion unit generates a plurality of expanded messages using a message. The state data initiation unit generates the initial value of state data using chain variable data. The state data generation unit generates the final value of the state data by iterating a combination function and a step function using the state data and the plurality of expanded messages. The chain variable update unit updates the chain variable data using the state data of the final value.

A method for addition of a block to a permissioned blockchain using efficient consensus includes: storing a blockchain; receiving transaction messages having transaction values from consensus nodes; generating a Merkle root for the transactions messages using transaction references; generating a proposed block header having the Merkle root and a hash of the header of the most recently added block in the blockchain; hashing the proposed block header; transmitting a proposal message having a digital signature and the hashed proposed block header to auditing nodes; receiving a response message accepting the digital signature from a majority of auditing nodes; transmitting an accept message to the auditing nodes; transmitting a confirmation message to the consensus nodes including the hashed proposed block header and digital signature; and writing a new block to the blockchain having the transaction values from the transaction messages and a header including the proposed block header and digital signature.

A system and method for data storage by shredding and deshredding of the data allows for various combinations of processing of the data to provide various resultant storage of the data. Data storage and retrieval functions include various combinations of data redundancy generation, data compression and decompression, data encryption and decryption, and data integrity by signature generation and verification. Data shredding is performed by shredders and data deshredding is performed by deshredders that have some implementations that allocate processing internally in the shredder and deshredder either in parallel to multiple processors or sequentially to a single processor. Other implementations use multiple processing through multi-level shredders and deshredders. Redundancy generation includes implementations using non-systematic encoding, systematic encoding, or a hybrid combination. Shredder based tag generators and deshredder based tag readers are used in some implementations to allow the deshredders to adapt to various versions of the shredders.

A method and system of authenticating a device within a network of connected devices that share a ledger of transactions between them under the form of exchanged blockchain messages and comprising: computing a PoK chain (70) based on the enhanced blockchain, receiving an authentication request from an application or a device, the authentication request including one or more PoKs (71), retrieving from the PoK database the PoK chain (70) corresponding to the application or device identified in the authentication request; computing a PoK (71) based on the PoK chain (70) retrieved from the PoK database, comparing it with the PoK (71) included in the authentication request, and if they match, validating the authentication request.

Exemplary systems and methods for the addition of a block to a permissioned blockchain using efficient consensus are disclosed. The methods and systems may include receiving transaction messages having transaction values from consensus nodes and generating a Merkle root for the transaction messages using transaction references and a proposed block header having the Merkle root and a hash of the header of the most recently added block in a blockchain. The proposed block header may be hashed and transmitted with a proposal message having a digital signature to auditing nodes. A response message accepting the digital signature may be received and an accept message may be transmitted to the auditing nodes and a confirmation message may be transmitted to the consensus-nodes. A new block may be written to the blockchain having the transaction values from the transaction messages and a header including the proposed block header and digital signature.

Technology, implemented in digital hardware, software, or combination thereof, for completing Secure Hash Algorithm (SHA-2) computation with generating one new hash value at each clock cycle is described. The technology includes: using synchronous logic to store the computed values every alternate clock and combinational logic to process multiple rounds of SHA in each clock; completing hash calculation in unrolled modes; using efficient adders for most 32-bit adders to improve performance.

A method of encoding and encrypting input data (D1) to generate corresponding encoded and encrypted data (E2) is provided. The input data (D1) is encoded to generate intermediate encoded data streams. The intermediate encoded data streams include at least one critical data stream that is critical and essential for subsequent decoding of one or more remaining data streams of the intermediate encoded data streams. The at least one critical data stream is encrypted using one or more encryption algorithms to generate at least one intermediate encrypted data stream. Subsequently, unencrypted portions of the intermediate encoded data streams are merged together with the at least one intermediate encrypted data stream to generate the encoded and encrypted data (E2).