Disclosed are a calculation device for encryption using a public key and an encryption method thereof. The present method comprises: a step for setting a secret key, and generating a public key using the secret key and an error extracted from a discrete Gaussian distribution or a distribution that is within a short statistical distance thereto; and a step for applying the public key to a message, and then performing a rounding process to encrypt the message. Accordingly, encryption efficiency can be enhanced.

A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and sending the ciphertext string to a storage device performing deduplication.

A method for hyper security encoding includes receiving data to be encrypted, and padding the data to be encrypted with padding data to avoid un-obfuscated bits after encryption. The method also includes encrypting, with a Mojette Transform, the data to be encrypted after the data to be encrypted is padded with the padding data, and outputting a result of the encryption as encrypted data.

Privacy-preserving homomorphic inferencing utilizes batch processing on encrypted data records. Each data record has a private data portion of interest against which the inferencing is carried out. Batch processing is enabled with respect to a set of encrypted data records by techniques that ensure that each encrypted data record has its associated private data portion in a unique location relative to the other data records. The set of encrypted data records are then summed to generate a single encrypted data record against which the inferencing is done. In a first embodiment, the private data portions of interest are selectively and uniquely positioned at runtime (when the inferencing is being applied). In a second embodiment, the private data portions of interest are initially positioned with the data-at-rest, preferably in an off-line process; thereafter, at runtime individual encrypted data records are processed as necessary to adjust the private data portions to unique positions prior to batching.

A method for data encryption may include receiving input data, finding a delimiter in the input data, generating, based on a position of the delimiter in the input data, a portion of data using a part of the input data, and encrypting the portion of data. The input data may include a record, the delimiter indicates a boundary of the record, and the portion of data may include the record. The position of the delimiter may be in the part of the input data. Generating the portion of data may include generating the portion of data based on a subset of the part of the input data. The part of the input data may be a first part of the input data, and the position of the delimiter may be in a second part of the input data.

An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

A method of operation concealment for a cryptographic system includes randomly selecting which one of at least two cryptographic operation blocks receives a key to apply a valid operation to data and outputs a result that is used for subsequent operations. Noise can be added by operating the other of the at least two cryptographic operation blocks using a modified key. The modified key can be generated by mixing the key with a block-unique-identifier, a device secret, a slowly adjusting output of a counter, or a combination thereof. In some cases, noise can be added to a cryptographic system by transforming input data of the other cryptographic operation block(s) by mixing the input data with the block-unique-identifier, device secret, counter output, or a combination thereof. A cryptographic system with operation concealment can further include a distributed (across a chip) or interweaved arrangement of subblocks of the cryptographic operation blocks.

A computer-implemented method according to one embodiment includes compressing an uncompressed instance of data to create a compressed instance of data; encrypting the compressed instance of data utilizing wide-block encryption in response to determining that a size of the compressed instance of data is less than a predetermined threshold; and adding a zero pad to the encrypted compressed instance of data to create a ciphertext string.

A method for generating digital signatures is disclosed. The method contains the steps of generating at least one private key, generating at least one table by using the private key in at least one white box cryptosystem, generating at least one random number, generating pre images, each to be used in a digital signature by encrypting the random numbers using the generated table in at least one white box cryptosystem, and generating at least one digital signature by using at least one generated pre image.