A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.

In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.

Disclosed herein are method and systems for transmitting a plurality of ciphertexts to a plurality of users. The systems and methods described herein provide for performing an encryption update comprising a plurality of encryption keys and a multi-ciphertext to a plurality of recipient nodes. Methods and systems for organizing a database are also disclosed herein.

Devices and techniques for replay protection nonce generation are described herein. A hash, of a first length, can be produced from a first input. A first subset of the hash can be extracted as a selector. A second subset of the hash can be selected using the selector. Here, the second subset has a second length that is less than the first length. The second subset can be transmitted as a nonce for a freshness value in a replay protected communication.

A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

A cryptographic method is provided. The cryptographic method comprises an initialisation phase for determining a provisional generator point G′ equal to a first product G′=[d′]G, where d′ is a first random scalar forming a secret key of N bits and G is a generator point of an elliptical curve, and determining a provisional key Q′ equal to a second product Q′=[d′]Q, where Q is a point of the elliptical curve forming a public key. During an encryption phase a second random scalar forming a second secret key k of M bits, with M<N; a public key P is calculated such that P=[k]G′; a coordinate of an intermediate point SP1, of the elliptical curve, equal to a fourth product SP1=[k]Q′; at least one key by application of a derivation function (F1); and data (T1) are encrypted based on said at least one key.

A method of exchanging a combined cryptographic key between a first node and a second node, the first node and the second node being connected through a first communication and a second communication network, wherein the first communication network is a quantum communication network wherein information is encoded on weak light pulses; and the first node and the second node being configured to: exchange one or more first cryptographic keys on the first communication network; exchange one or more second cryptographic keys using the second communication network; and form the combined cryptographic key by combining the one or more first cryptographic keys and the one or more second cryptographic keys, such that the first node and the second node share knowledge of the combined cryptographic key.

Systems and methods for automatic VPN establishment are provided.

Methods and systems described herein authenticate a user and help secure transaction. A display screen presents images that are difficult for malware to recognize but a person can recognize. In at least one embodiment, a person communicates transaction information using visual images received from the service provider system. In at least one embodiment, a user selects a sequence of visual images as a means of authenticating the user and logging into a financial account or other corporate account. In some embodiments, methods and systems are provided for determining whether to grant access, by generating and displaying visual images on a screen that the user can recognize, and select. In an embodiment, a user presses his or her finger or fingers on a display screen to select images as a method for authenticating and protecting communication from malware. In an embodiment, non-determinism in hardware helps unpredictably vary the image selected, the image location, generate noise in the image, or change the shape or texture of the image. In some embodiments, visual image authentication helps Alice and Bob detect if Eve has launched a man-in-the-middle attack on their key exchange.