One embodiment provides for an electronic device, comprising a network interface, a memory coupled with the network interface, at least one application processor coupled with the memory, the at least one processor to execute instructions stored in the memory, and a secure processor including a cryptographic engine, wherein the cryptographic engine is to generate a sealed encrypted message to be transmitted via the network interface, the sealed encrypted message encrypted on behalf of the at least one application processor and includes a signature to enable integrity verification of the sealed encrypted message, the signature generated based on an identity key of the electronic device and data including ciphertext of the encrypted message and a public key of a recipient of the sealed encrypted message.

The present invention involves with a method of searchable public-key encryption, a system and server using the method.

A process receives a specification of a finite-state machine and an encrypted language element of a language over an input alphabet for the finite-state machine. The received encrypted language element is encrypted with a selected public key of a plurality of public keys. The process decrypts the encrypted language element using each private key of a plurality of private keys corresponding to the public keys. The decrypting provides a plurality of decrypted language elements and the process applies each decrypted language element to the finite-state machine. The process identifies a decrypted language element that that is accepted by the finite-state machine. The process identifies a private key, of the private keys, used in the decrypting that provided the decrypted language element identified as being accepted by the finite-state machine. The process receives from the message sender an encrypted message, and uses the identified private key in decrypting the encrypted message.

An apparatus includes a processor and a memory operatively coupled to the processor and associated with an instance of a distributed database at a first compute device. The processor is configured to select an anonymous communication path. Each blinded public key from a sequence of blinded public keys associated with the anonymous communication path is associated with a pseudonym of a compute device from a set of compute devices that implement the anonymous communication path. The processor is configured to generate an encrypted message encrypted with a first blinded public key. The processor is configured to generate an encrypted data packet including the encrypted message and a compute device identifier associated with a second compute device. The encrypted data packet is encrypted with a second blinded public key. The processor is configured to send the encrypted data packet to a third compute device.

A group structure preserving signature system that can be applied to groups based on symmetric bilinear mapping, that reduces the signature length, and that enables efficient computation of verification equations is provided. At least, information indicating p, G.sub.1, G.sub.2, G.sub.T, e, g.sub.1, and g.sub.2, information needed to obtain e(h.sub.u, h.sub.v), and data that includes g.sub.s, h.sub.s, g.sub.t, h.sub.t, {g.sub.1, h.sub.1}, . . . , {g.sub.K, h.sub.K} are held as a public key vk, and data that includes vk, .sub.s, .sub.s, .sub.t, .sub.t, .sub.u, .sub.v, {.sub.1, .sub.1}, . . . , {.sub.K, .sub.K} are held as a secret key sk. A signature device selects and at random from integers between 0 and p1, both inclusive, obtains w, s, t, and r, and generates, as a signature , data that includes w, s, t, and r. A verification device verifies the signature by using two verification equations.

A process receives a specification of a finite-state machine and an encrypted language element of a language over an input alphabet for the finite-state machine. The received encrypted language element is encrypted with a selected public key of a plurality of public keys. The process decrypts the encrypted language element using each private key of a plurality of private keys corresponding to the public keys. The decrypting provides a plurality of decrypted language elements and the process applies each decrypted language element to the finite-state machine. The process identifies a decrypted language element that that is accepted by the finite-state machine. The process identifies a private key, of the private keys, used in the decrypting that provided the decrypted language element identified as being accepted by the finite-state machine. The process receives from the message sender an encrypted message, and uses the identified private key in decrypting the encrypted message.

An enhanced robust input protocol for secure multi-party computation (MPC) via pseudorandom secret sharing is provided. With this enhanced protocol, the servers that participate in MPC can generate and send a single random sharing [R] to a client with k inputs (rather than a separate random sharing per input), and the client can derive k pseudorandom sharings from [R] without any further server interactions.

In aspects of variable relinearization in homomorphic encryption, a computing device stores homomorphic encrypted data as a dataset, and implements an encryption application that can perform a multiplication operation on a ciphertext in the homomorphic encrypted data, where the multiplication operation contributes to increase a noise component in the ciphertext. The encryption application can determine a relinearization amount by which to relinearize the ciphertext after the multiplication operation, where the determination is effective to optimize a noise increase in the ciphertext based at least in part on projected subsequent multiplication operations on the ciphertext. The encryption application can then relinearize the ciphertext utilizing the determined relinearization amount that optimizes the noise increase in the ciphertext for optimal relinearization performance.

A numerical conversion method for a public key cryptography system includes accumulating a first value by using a first modular addition loop according to the first value for generating a second value after a first predetermined loop count is reached, accumulating the second value by using a second modular addition loop according to the second value for generating a third value after a second predetermined loop count is reached, inputting the third value to a Montgomery modular exponentiation function for generating a Montgomery conversion parameter, and converting a first conversion value in an integer domain into a second conversion value in a Montgomery domain.

Discloses a method and an apparatus for visual construction of a knowledge graph system. In the present disclosure, data permission of a distributed client is determined through a central server. The central server obtains a master template of a knowledge graph system and sends it to the distributed client. The distributed client receives a natural language inputted by a user and parses to generate an abstract syntax tree. The user completes customization of a subtemplate of the knowledge graph system through visual operation. The distributed client encrypts the subtemplate and then sends it to the central server. When the knowledge graph system is to be used, any knowledge concept is inputted, the central server calls and decrypts the subtemplate and then searches a database, and a tree structure knowledge graph is generated and sent to the distributed client.