Patent classifications
H04L2209/606
WATERMARKING INPUT AND OUTPUT OF A WHITE-BOX IMPLEMENTATION
A method of mapping an input message to an output message by a keyed cryptographic encryption operation, wherein the keyed cryptographic encryption operation includes a first round, including: performing a substitution function on a first portion of the input message to produce an output, wherein the substitution function incorporates a portion of a cryptographic key; and performing a watermarking function on the output, wherein the watermarking function produces a watermark output when the first input portion has a specific predetermined value, wherein the watermark output uniquely identifies the keyed cryptographic encryption operation.
Privacy-preserving leakage-deterring public-key encryption from attribute-based encryptions
Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypted one-time-pad key and sends the ciphertext to the receiver system.
Salting text and fingerprinting in database tables, text files, and data feeds
A system and method for salting and fingerprinting database tables, text files, data feeds, and the like, first re-sorts the data according to a field or fields in the data set. A salting recipe is selected and applied to the sorted data. A fingerprint of the data is captured after sorting and salting. The data is then restored to its original order before being sent to a trusted third party. Because the data owner retains information concerning the sorting technique, salting technique, and the fingerprint, the data owner can reconstruct the unsalted file from the salted file, and can determine if a wild file contains data from the data file. The salting is difficult to detect by the bad actor, even if the bad actor is aware that the data has been salted.
Renewable traitor tracing
A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.
Privacy-Preserving Leakage-Deterring Public-Key Encryption From Attribute-Based Encryptions
Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme, the attributes including predefined time period data and a receiver system identifier, with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypted one-time-pad key and sends the ciphertext to the receiver system.
HIGH THROUGHPUT SECURE MULTI-PARTY COMPUTATION WITH IDENTIFIABLE ABORT
A system for identifying one or more malicious parties participating in a secure multi-party computation (MPC), comprising one of a plurality of computing nodes communicating with the plurality of computing nodes through a network(s). The computing node is adapted for: participating in an MPC with the plurality of computing nodes using secure protocol(s) established over the network(s), where the secure protocol(s) support transmittal of private messages to each of the other computing nodes and transmittal of broadcast messages to all of the computing nodes; detecting invalid share value(s) among a plurality of share values computed and committed by the computing nodes during the MPC; verifying each of the share values according to a plurality of agreed share values valid for the MPC, which are determined through a plurality of broadcast private messages; identifying the identity of the malicious computing node(s) which committed the invalid share value(s) failing the verification; and outputting the identity.
SPACE-TIME SEPARATED AND JOINTLY EVOLVING RELATIONSHIP-BASED NETWORK ACCESS AND DATA PROTECTION SYSTEM
A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Model anti-collusion watermark
Embedding a watermark payload in content, including: a counter configured to store a random seed; a permutation generator configured to receive and process the watermark payload and the random seed, and generate a shuffled payload based on the random seed; and a watermark embedder configured to receive and embed the shuffled payload into the content. Key words include watermark payload and collusion.