Systems and methods are disclosed for generation of a representative data structure. A computing device can receive data including various data items. The computing device can generate logical rows that include the data items. The computing device can convert the logical rows into nodes and store the nodes into logical rows of a first logical table. The computing device can generate logical rows for a second logical table including row identifiers and a link to one of the logical rows from the first logical table.

A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, from a semigroup, a first value “a”; multiplying the first value “a” by a second value “b” to create a third value “d”, the second value “b” being selected from the semigroup; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value comprising the second value “b” multiplied by a fifth value “c” selected by the second party from the semigroup; and creating a shared secret by multiplying the first value “a” with the fourth value “e”, wherein the shared secret matches the third value “d” multiplied by the fifth value “c”.

Aspects of the invention include a computer-implemented method of executing a hybrid quantum safe key exchange system. The computer-implemented method includes initially retrieving an authenticated random value from a trusted source, generating a first Z value using a first elliptic curve (EC) private key and a first certified form of an EC public key with an EC Diffie-Hellman (ECDH) algorithm, deriving a shared key using the authenticated random value and the first Z value with a key derivation function, decrypting the authenticated random value using a quantum safe algorithm (QSA) private key, generating a second Z value using a second EC private key and a second certified form of the EC public key with the ECDH algorithm and deriving the shared key using the authenticated random value and the second Z value with the key derivation function.

An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

The disclosure relates to improvements in secure channel establishment. In some aspects, the techniques described herein relate to a method including: issuing, by a client device to a server, a request to establish a secure connection; receiving, by the client device, a response to the request to establish a secure connection from the server, the response including a digital certificate associated with a public key stored by the server, the public key used to establish a symmetric key; validating, by the client device, the digital certificate; and computing, by the client device, a shared secret using the public key stored by the server and a private key generated by the client device.

A method of digitally signing a message is disclosed. The method comprises distributing first shares of a first secret value among a plurality of participants, wherein the first secret value is a private key accessible by means of a first threshold number of the first shares, and is inaccessible to less than the first threshold number of the first shares; distributing second shares of a second secret value among the participants, wherein the second secret value is an ephemeral key, wherein said ephemeral key is inaccessible to less than said first threshold number of said second shares; and distributing third shares of a third secret value among the participants, wherein each third share is adapted to be applied to a message to generate a respective fourth share of a fourth secret value, wherein the fourth secret value is the message signed with the private key and using the ephemeral key.

A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.

A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

Systems and methods for implementing confidential communications between nodes of a network provide reduced power consumption, require less memory, and provide improved security, relative to previously-known systems and method. Preferred embodiments implement protocol functions in hardware, as opposed to software, to yield some or all of the foregoing improvements. Some embodiments use a hashing circuit for multiple purposes, while maintaining its ability to compute successive intermediate hash values. Some embodiments improve security of systems using circuits configured to leverage a favorable data format.