Patent classifications
H04L9/28
Flexible architecture and instruction for advanced encryption standard (AES)
A flexible AES instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a one round pass for AES encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible AES instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.
Systems and methods for preventing transmitted cryptographic parameters from compromising privacy
Techniques, systems, and devices are disclosed for performing secure cryptographic communication. One disclosed technique includes transmitting information that identifies a group key from a first device to a second device. The technique further includes, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.
Encrypting data
A method and system. Ciphertext is generated by applying an initialization vector and an encryption key to plaintext. The initialization vector is combined with the ciphertext to generate encrypted data, by using an embedding rule to perform the combining, wherein using the embedding rule includes generating the encrypted data by: dividing the initialization vector into a specified number of bits to obtain an ordered sequence of initialization vector fragments; dividing the ciphertext into a specified number of bits to obtain ciphertext fragments; and distributing the initialization vector fragments between the ciphertext fragments according to the order of the initialization vector fragments in the sequence.
System and method for encoding encrypted data for further processing
A method for encoding encrypted data for further processing includes: receiving an input data vector of length m; splitting the input data vector to k multiple vectors; multiplying each of the multiple vectors by a power of 2 to obtain k number of intermediate vectors; summing the k number of intermediate vectors to obtain a single summed vector; encrypting the single summed vector to obtain an encrypted vector; sending the encrypted vector to an operational unit to have the encrypted vector operated on to obtain a processed encrypted vector; receiving the processed encrypted vector; decrypting the received encrypted vector; dividing the processed decrypted vector by a power of 2, modulus a power of 2 to obtain multiple transitional vectors of the same dynamic range and the same length; and concatenating the multiple transitional vectors to obtain a recovered vector of length m.
Conversion schemes for cryptography systems
In a general aspect, a conversion scheme is used with a cryptographic system. In some aspects, a pad bit vector is generated based on a size of a message bit vector, and a record bit vector is generated based on the pad bit vector. The record bit vector indicates the size of the pad bit vector. The record bit vector, the message bit vector, and the pad bit vector are combined to yield a first bit vector. A hash function is applied to the first bit vector, and an encryption function is applied to a portion of the first bit vector. A ciphertext is generated based on the output of the hash function and the output of the encryption function.
System and method for content encryption in a key/value store
System and method embodiments are provided for content encryption in a key/value store. The embodiments include encrypting both the key and value of client data blocks for storage so that the data can be retrieved reliably without compromising the key. An embodiment method includes obtaining a key from a data block comprising the key and a value, encrypting the key using a deterministic encryption algorithm with an encryption key to map the key to a cypher text in a one-to-one mapping, and encrypting the value using a second encryption algorithm to randomly map the value to a second cypher text. Encrypting both the key and the value provides more protection to the client data instead of encrypting only the value and leaving the key vulnerable without encryption. The encrypted key can also be protected from unauthorized access and from the owner of the database or the storage system.
Content transmission device and network node
Disclosed is a technique for guaranteeing high-level QoS for emergent traffic to enable the transmission of the traffic. According to the technique, when a transmission unit 110 sends a content to a reception unit through a network 130, identification information is added to a data packet including the content to indicate that the data packet is a packet to be transmitted to a permitted content using node 150. This packet is duplicated by a network node (e.g., an intermediate node (management node) 140) and forwarded to both the reception unit and the permitted content using node. The content stored on the permitted content using node can be referred to in order to check whether this content is to be transmitted with high priority. A content owner can get compensation (e.g., the cost required for high-priority network transmission) by providing the right of use of the content to the permitted content using node.