Method and system for public key matrix-based homomorphic encryption

Abstract

A system for matrix-based public key homomorphic encryption, including a processor of a computing node configured to host a homomorphic encryption module and connected to at least one cloud server and a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to: acquire plaintext x required to be encrypted; select a size of a matrix and modulus n; select invertible matrix S over .sub.n, wherein .sub.n is a residue ring modulo n; compute an invertible matrix S.sup.1 over .sub.n; select two random secret keys (S, S.sup.1) and (K, K.sup.1) of a homomorphic encryption scheme (.sub.m), where S and K belong to a ring of -matrix M.sub.l(.sub.m) over residue ring .sub.m with modulus m=pq, where p, q are primes; select (K, K.sup.1) as a master key; use the master key to encrypt all elements of matrices S and S.sup.1; obtain two ciphertexts P.sub.1=Enc.sub.K(S) and P.sub.2=Enc.sub.K(S.sup.1), which both form public key of the (.sub.m) including pk=(P.sub.1, P.sub.2), wherein a secret key is sk=((S, S.sup.1), (K, K.sup.1)); and apply the pk and the sk for encryption and decryption of the plaintext x.

Claims

1. A system for matrix-based public key homomorphic encryption, comprising: a processor of a computing node configured to host a homomorphic encryption module and connected to at least one cloud server; and a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to: acquire plaintext x required to be encrypted; select a size of a matrix and modulus n; select invertible matrix S over .sub.n, wherein .sub.n is a residue ring modulo n; compute an invertible matrix S.sup.1 over .sub.n; select two random secret keys (S, S.sup.1) and (K, K.sup.1) of a homomorphic encryption scheme (.sub.m), where S and K belong to a ring of -matrix M.sub.l(.sub.m) over residue ring .sub.m with modulus m=pq, where p, q are primes; select (K, K.sup.1) as a master key; use the master key to encrypt all elements of matrices S and S.sup.1; obtain two ciphertexts P.sub.1=Enc.sub.K(S) and P.sub.2=Enc.sub.K(S.sup.1), which both form public key of the (.sub.m) comprising pk=(P.sub.1, P.sub.2), wherein a secret key is sk=((S, S.sup.1), (K, K.sup.1)); and apply the pk and the sk for encryption and decryption of the plaintext x.

2. The system of claim 1, wherein the machine-readable instructions that when executed by the processor, cause the processor to: select the invertible matrix S over , wherein is a field of real numbers; compute the invertible matrix S.sup.1 over ; select two random secret keys (S, S.sup.1) and (K, K.sup.1) of a homomorphic encryption scheme (), where S and K belong to a ring of -matrix M.sub.l() over a field of real numbers R; select (K, K.sup.1) as a master key; use the master key to encrypt all elements of matrices S and S.sup.1; obtain two ciphertexts P.sub.1=Enc.sub.K(S) and P.sub.2=Enc.sub.K(S.sup.1), which both form public key of the () comprising pk=(P.sub.1, P.sub.2), wherein a secret key is sk=((S, S.sup.1), (K, K.sup.1)); and apply the pk and the sk for encryption and decryption of the plaintext x.

3. The system of claim 1, wherein the machine-readable instructions that when executed by the processor, cause the processor to calculate S as: $S=\left(\begin{array}{cc}{s}_{1,0}& s_{1,1}\\ s_{1,2}& s_{1,3}\end{array}\right).$

4. The system of claim 1, wherein the machine-readable instructions that when executed by the processor, cause the processor cause the processor to calculate S.sup.1 as: $S^{-1}=\left(\begin{array}{cc}{s}_{2,0}& s_{2,1}\\ s_{2,2}& s_{2,3}\end{array}\right).$

5. The system of claim 4, wherein the machine-readable instructions that when executed by the processor, cause the processor to calculate a public key as: $P_{ij}=En{c}_K\left(S_{i,j}\right)=K^{-1}\left(\begin{array}{cc}{}_{i,j}& 0\\ {}_{i,j}& s_{i,j}\end{array}\right)K,$ where .sub.i,j, .sub.i,j are chosen at random for all i=1,2 and j=0,1,2,3 for the have public key pk=(P.sub.1, P.sub.2), where: $P_1=\left(\begin{array}{cc}{P}_{1,0}& P_{1,1}\\ P_{1,2}& P_{1,3}\end{array}\right)\mathrm{and}{P}_2=\left(\begin{array}{cc}{P}_{2,0}& P_{2,1}\\ P_{2,2}& P_{2,3}\end{array}\right).$

6. The system of claim 5, wherein the secret key is sk=((S, S.sup.1), (K, K.sup.1)), where (S, S.sup.1 is used as a private key, and (K, K.sup.1) is used as master key for the encryption scheme (.sub.m) and ().

7. The system of claim 1, wherein the machine-readable instructions that when executed by the processor, cause the processor to choose random invertible r.sub.m or r and calculate r.sup.1, then calculate r.sup.1.Math.x, where x is plaintext.

8. The system of claim 7, wherein the machine-readable instructions that when executed by the processor, cause the processor to form envelop matrices V(r), V(r.sup.1x) and V(0) to compute initial ciphertexts ${\mathrm{Enc}}_{pk}^{\left(0\right)}\left(r\right)=P_{2}V\left(r\right)P_1,$ ${\mathrm{Enc}}_{pk}^{\left(0\right)}\left(r^{-1}x\right)=P_{2}V\left(r^{-1}x\right)P_1\mathrm{and}{\mathrm{Enc}}_{pk}^{\left(0\right)}\left(0\right)=P_{2}V\left(0\right)P_1.$

9. The system of claim 8, wherein the machine-readable instructions that when executed by the processor, cause the processor to generate encrypted plaintext x as $C\left(x\right)={\mathrm{Enc}}_{pk}^{\left(0\right)}\left(x\right)={\mathrm{Enc}}_{pk}^{\left(0\right)}\left(r\right).Math.{\mathrm{Enc}}_{pk}^{\left(0\right)}\left(r^{-1}x\right)+En{c}_{pk}^{\left(0\right)}\left(0\right).$

10. The system of claim 9, wherein the machine-readable instructions that when executed by the processor, cause the processor to decrypt encrypted plaintext $C\left(x\right)=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right),$ where C.sub.iM.sub.2(.sub.m), i=0,1,2,3, (i.e., C.sub.i are 22-matrices over .sub.m) and for (), C.sub.iM.sub.2(), i=0,1,2,3.

11. The system of claim 9, wherein the machine-readable instructions that when executed by the processor, cause the processor to, using the master key (K, K.sup.1) decrypt C.sub.i, i=0,1,2,3 as follows:
KC.sub.iK.sup.1=T.sub.i,i=0,1,2,3.

12. The system of claim 11, wherein the machine-readable instructions that when executed by the processor, cause the processor to form matrix T comprising: $T=\left(\begin{array}{cc}{T}_0& T_1\\ T_2& T_3\end{array}\right),$ wherein each T.sub.i from T represent $T_i=\left(\begin{array}{cc}{T}_{i,0}& T_{i,1}\\ T_{i,2}& T_{i,3}\end{array}\right),$ T, i=0,1, 2, 3.

13. The system of claim 12, wherein the machine-readable instructions that when executed by the processor, cause the processor to select from each T.sub.i element T.sub.i,3.sub.m, i=0,1,2,3 and for T.sub.i,3, and form matrix Z, as follows: $Z=\left(\begin{array}{cc}{T}_{0,3}& T_{1,3}\\ T_{2,3}& T_{3,3}\end{array}\right).$

14. The system of claim 13, wherein the machine-readable instructions that when executed by the processor, cause the processor to compute, using private key (S, S.sup.1), matrix W as follows: $W={\mathrm{SZS}}^{-1}=\left(\begin{array}{cc}{w}_0& w_1\\ w_2& w_3\end{array}\right).$

15. The system of claim 14, wherein the machine-readable instructions that when executed by the processor, cause the processor to extract from the matrix W element w.sub.3, wherein w.sub.3=x.

16. A method for matrix-based public key homomorphic encryption, comprising: acquiring plaintext x required to be encrypted; selecting a size of a matrix and modulus n; selecting invertible matrix S over .sub.n, wherein .sub.n is a residue ring modulo n; computing an invertible matrix S.sup.1 over .sub.n; selecting two random secret keys (S, S.sup.1) and (K, K.sup.1) of a homomorphic encryption scheme (.sub.m), where S and K belong to a ring of -matrix M.sub.l(.sub.m) over residue ring .sub.m with modulus m=pq, where p, q are primes; selecting (K, K.sup.1) as a master key; using the master key to encrypt all elements of matrices S and S.sup.1; obtaining two ciphertexts P.sub.1=Enc.sub.K(S) and P.sub.2=Enc.sub.K(S.sup.1), which both form public key of the (.sub.m) comprising pk=(P.sub.1, P.sub.2), wherein a secret key is sk=((S, S.sup.1), (K, K.sup.1)); and applying the pk and the sk for encryption and decryption of the plaintext x.

17. The method of claim 16, further comprising: selecting the invertible matrix S over , wherein is a field of real numbers; computing the invertible x matrix S.sup.1 over ; selecting two random secret keys (S, S.sup.1) and (K, K.sup.1) of a homomorphic encryption scheme (), where S and K belong to a ring of -matrix M.sub.l() over a field of real numbers ; selecting (K, K.sup.1) as a master key; using the master key to encrypt all elements of matrices S and S.sup.1; obtaining two ciphertexts P=Enc.sub.K(S) and P.sub.2=Enc.sub.K(S.sup.1), which both form public key of the () comprising pk=(P.sub.1, P.sub.2), wherein a secret key is sk=((S, S.sup.1), (K, K.sup.1)); and applying the pk and the sk for encryption and decryption of the plaintext x.

18. The method of claim 16, further comprising calculating calculate S as: $S=\left(\begin{array}{cc}{s}_{1,0}& s_{1,1}\\ s_{1,2}& s_{1,3}\end{array}\right)$ and calculating S.sup.1 as: $S^{-1}=\left(\begin{array}{cc}{S}_{2,0}& S_{2,1}\\ S_{2,2}& S_{2,3}\end{array}\right).$

19. The method of claim 18, further comprising calculating a public key as: $P_{ij}={\mathrm{Enc}}_K\left(S_{i,j}\right)=K^{-1}\left(\begin{array}{cc}{}_{i,j}& 0\\ {}_{i,j}& s_{i,j}\end{array}\right)K,$ where .sub.i,j, .sub.i,j, are chosen at random for all i=1,2 and j=0,1,2,3 for the have public key pk=(P.sub.1, P.sub.2), where: $P_1=\left(\begin{array}{cc}{P}_{1,0}& P_{1,1}\\ P_{1,2}& P_{1,3}\end{array}\right)\mathrm{and}{P}_2=\left(\begin{array}{cc}{P}_{2,0}& P_{2,1}\\ P_{2,2}& P_{2,3}\end{array}\right).$

20. The method of claim 19, wherein the secret key is sk=((S, S.sup.1), (K, K.sup.1)), where (S, S.sup.1) is used as a private key, and (K, K.sup.1) is used as master key for the encryption scheme (.sub.m) and ().

21. The method of claim 16, further comprising, for chosen ciphertext $C=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right),$ where C is a matrix over .sub.m or , calculate a non-commutative determinant det(C) based on: ${}_0=C_0{C}_3-C_1{C}_2=\left(\begin{array}{cc}{t}_0& t_1\\ t_2& t_3\end{array}\right),$ where t.sub.i.sub.m or for i=0,1,2,3 and
det(C)==t.sub.0t.sub.3t.sub.1t.sub.2.

22. The system of claim 1, wherein ring .sub.m is a commutative ring R comprising any field or polynomial.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate various embodiments of the present disclosure. The drawings may contain representations of various trademarks and copyrights owned by the Applicant. In addition, the drawings may contain other marks owned by third parties and are being used for illustrative purposes only. All rights to various trademarks and copyrights represented herein, except those belonging to their respective owners, are vested in and the property of the Applicant. The Applicant retains and reserves all rights in its trademarks and copyrights included herein, and grants permission to reproduce the material only in connection with reproduction of the granted patent and for no other purpose.

(2) Furthermore, the drawings may contain text or captions that may explain certain embodiments of the present disclosure. This text is included for illustrative, non-limiting, explanatory purposes of certain embodiments detailed in the present disclosure. In the drawings:

(3) FIGS. 1 and 2 illustrate flowcharts of a method for common key generation consistent with the present disclosure;

(4) FIGS. 3 and 4 illustrate flowcharts of a method for encoding process of enveloping the plaintext before the encryption consistent with the present disclosure;

(5) FIGS. 5 and 6 illustrate flowcharts of an encryption process based on matrices multiplication consistent with the present disclosure;

(6) FIGS. 7 and 8 illustrate flowcharts of data decryption consistent with the present disclosure;

(7) FIG. 9A illustrates a network diagram of a system for homomorphic encryption consistent with the present disclosure;

(8) FIG. 9B illustrates a network diagram of a system for homomorphic encryption implemented over a blockchain network consistent with the present disclosure;

(9) FIG. 10 illustrates a network diagram of a system including detailed features of a user computing entity node hosting a homomorphic encryption module consistent with the present disclosure;

(10) FIG. 11 illustrates a block diagram of a system including a computing device for performing the homomorphic encryption methods described herein;

(11) FIG. 12 illustrates flowcharts of a process of Public Key generation in PK(.sub.p) and PK() consistent with the present disclosure;

(12) FIG. 13 illustrates flowcharts of a process of generation of Envelop matrix for PK(.sub.m) and PK() consistent with the present disclosure;

(13) FIG. 14 illustrates a flowchart of a Public Key encryption algorithm for PK(.sub.m) consistent with the present disclosure;

(14) FIG. 15 illustrates a Public Key Encryption algorithm for PK() consistent with the present disclosure;

(15) FIG. 16 illustrates a flowchart of Decryption Dec.sub.sk(PK(.sub.m) consistent with the present disclosure;

(16) FIG. 17 illustrates a flowchart of Decryption Dec.sub.sk(PK() consistent with the present disclosure.

DETAILED DESCRIPTION

(17) As a preliminary matter, it will readily be understood by one having ordinary skill in the relevant art that the present disclosure has broad utility and application. As should be understood, any embodiment may incorporate only one or a plurality of the above-disclosed aspects of the disclosure and may further incorporate only one or a plurality of the above-disclosed features. Furthermore, any embodiment discussed and identified as being preferred is considered to be part of a best mode contemplated for carrying out the embodiments of the present disclosure. Other embodiments also may be discussed for additional illustrative purposes in providing a full and enabling disclosure. Moreover, many embodiments, such as adaptations, variations, modifications, and equivalent arrangements, will be implicitly disclosed by the embodiments described herein and fall within the scope of the present disclosure.

(18) Accordingly, while embodiments are described herein in detail in relation to one or more embodiments, it is to be understood that this disclosure is illustrative and exemplary of the present disclosure and are made merely for the purposes of providing a full and enabling disclosure. The detailed disclosure herein of one or more embodiments is not intended, nor is to be construed, to limit the scope of patent protection afforded in any claim of a patent issuing here from, which scope is to be defined by the claims and the equivalents thereof. It is not intended that the scope of patent protection be defined by reading into any claim a limitation found herein that does not explicitly appear in the claim itself.

(19) Thus, for example, any sequence(s) and/or temporal order of steps of various processes or methods that are described herein are illustrative and not restrictive. Accordingly, it should be understood that, although steps of various processes or methods may be shown and described as being in a sequence or temporal order, the steps of any such processes or methods are not limited to being carried out in any particular sequence or order, absent an indication otherwise. Indeed, the steps in such processes or methods generally may be carried out in various different sequences and orders while still falling within the scope of the present invention. Accordingly, it is intended that the scope of patent protection is to be defined by the issued claim(s) rather than the description set forth herein.

(20) Additionally, it is important to note that each term used herein refers to that which an ordinary artisan would understand such a term to mean based on the contextual use of such term herein. To the extent that the meaning of a term used hereinas understood by the ordinary artisan based on the contextual use of such termdiffers in any way from any particular dictionary definition of such term, it is intended that the meaning of the term as understood by the ordinary artisan should prevail.

(21) Regarding applicability of 35 U.S.C. 112, 6, no claim element is intended to be read in accordance with this statutory provision unless the explicit phrase means for or step for is actually used in such claim element, whereupon this statutory provision is intended to apply in the interpretation of such claim element.

(22) Furthermore, it is important to note that, as used herein, a and an each generally denotes at least one, but does not exclude a plurality unless the contextual use dictates otherwise. When used herein to join a list of items, or denotes at least one of the items, but does not exclude a plurality of items of the list. Finally, when used herein to join a list of items, and denotes all of the items of the list.

(23) The following detailed description refers to the accompanying drawings. Wherever possible, the same reference numbers are used in the drawings and the following description to refer to the same or similar elements. While many embodiments of the disclosure may be described, modifications, adaptations, and other implementations are possible. For example, substitutions, additions, or modifications may be made to the elements illustrated in the drawings, and the methods described herein may be modified by substituting, reordering, or adding stages to the disclosed methods. Accordingly, the following detailed description does not limit the disclosure. Instead, the proper scope of the disclosure is defined by the appended claims. The present disclosure contains headers. It should be understood that these headers are used as references and are not to be construed as limiting upon the subject matter disclosed under the header.

(24) The present disclosure provides a system, method and computer-readable medium for a homomorphic encryption based on matrices and operations on encrypted data. In one embodiment, the system overcomes the limitations of existing encryption systems and methods by leveraging the capabilities of novel matrix-based fully homomorphic encryption. The disclosed approach offers a significant improvement over existing solutions discussed above in the background section.

(25) In one embodiment of the present disclosure, the system provides for operations on encrypted data. A user can search over his encrypted with the disclosed homomorphic encryption scheme data using a homomorphic index feature.

(26) The user can perform all four arithmetic operations over ciphertexts which, for example, permits to compute for statistical computations over encrypted data.

(27) In one embodiment, the user can check integrity of his data without decryption by using Homomorphic Hash feature.

(28) The user can outsource his homomorphically encrypted data, i.e., to get some profit from this asset(s).

(29) With the above-mentioned novel features, the disclosed matrix-based homomorphic encryption provides for complete privacy-preserving data processing compliant with GDPR, HIPAA and other authorities.

(30) According to the disclosed embodiments, the encryption ecosystem consists of many components, almost each of which can function independently but collectively provide a comprehensive approach to multidisciplinary utilization, offering a set of unprecedented advantages and unique properties. The system may be referred to as the Crypto Engine implemented as an encryption module. The unique components include: 1. Key Generator (public/private); 2. Encryption and Decryption Modules and sub-modules; 3. Homomorphic Arithmetic Operations sub-module; 4. Homomorphic Comparison of Cipher Texts functions sub-module; 5. Homomorphic Hash function sub-module; 6. Homomorphic Index function sub-module (for database indexing and searching of the encrypted data) that provides for searchable encryption functionality; and 7. Service keysunique entity serves for FHE Hash or being used as a stand-alone private key used for encryption only.

(31) In the disclosed embodiment, the construction is made only over two classes of ringsresidue rings and real number fields. However, the construction may be generalized over any commutative ring. Specifically, let R be any commutative ring, for instance, integers, rational numbers, complex numbers, polynomials (from one or multiple variables), rational functions et al. At the first level consider ring of 22 matrices over ring R. Let us suppose that generalized conjugacy problem (with assumption of indistinguishability of conjugators) is hard. Then we can construct symmetric homomorphic encryption scheme over this matrix ring similarly as we doing for 22 matrices over residue ring or over real numbers in core Patent. Further, we can construct twisted version and public key version of our homomorphic encryption scheme similarly as we doing this for residue ring or real numbers field. Of course, for public key version it appears 22 matrices over noncommutative ring and it is needed to use non-standard mathematical techniques for various computations. However, for other rings computational overhead will be very significant.

(32) FIGS. 1 and 2 illustrate flowcharts of a method for common key generation consistent with the present disclosure.

(33) Referring to FIGS. 1 and 2, the disclosed method may include one or more of the steps described below. FIGS. 1 and 2 illustrate a flow chart of an example method(s) executed by the homomorphic encryption module that may be hosted on a user computing device or on a server. It should be understood that the method depicted in FIGS. 1 and 2 may include additional operations and that some of the operations described therein may be removed and/or modified without departing from the scope of the disclosed method. The description of the disclosed method is also made with reference to the features depicted in FIG. 10 discussed below for purposes of illustration. Particularly, the processor 204 of the user computing entity node 101 may execute some or all of the operations included in the disclosed method.

(34) With reference to FIGS. 1 and 2, common key generation is disclosed where: matrix size, S.sub.1, S.sub.2invertible matrix, .sub.nresidue ring modulo n, and field of real numbers.

(35) At block 112, the processor 204 may choose matrix size. At block 112, the processor 204 may choose modulus n. The modulus n of residue ring .sub.n may be chosen via security parameter , i.e., n has bitlength (typically the process chooses =256). For simplicity the process may choose =2. At block 113, the processor 204 may select invertible matrix S over .sub.n. In example, invertible 22 matrix S over .sub.n may be chosen based linear algebra transformations. At block 114, the processor 204 may compute invertible matrix S.sub.2 over .sub.n. In example, invertible 22-matrix S.sub.1.sup.1 and S.sub.2.sup.1 over .sub.n may be computed based on linear algebra transformations. At block 115, the processor 204 may set the secret key (S.sub.1, S.sub.2).

(36) Referring to FIG. 2, at block 211, the processor 204 may choose matrix size. For simplicity =2 may be chosen. At block 213, the processor 204 may select invertible matrix S over. At block 215, the processor 204 may compute invertible matrix S.sub.2 over by selecting and computing S.sub.1 and S.sub.1.sup.1, S.sub.2 and S.sub.2.sup.1 based on linear algebra transformations. At block 217, the processor 204 may set the secret key (S.sub.1, S.sub.2).

(37) According to one disclosed embodiment, a Symmetric Key generation schema may be implemented as follows. A matrix S may be computed based on generation of a random matrix R. The matrix R is generated as following: a random -bit integer k (security parameter) is selected; compute power R.sup.k using matrix analogue of algorithm right-to-left binary exponentiation from. By choosing a sufficiently large (e.g., =256), the schema provides high security level maintaining hardness of Discrete Logarithm Problem for such value of .

(38) Finally, we assume S=R.sup.k, compute inverse matrix S.sup.1 end we get symmetric key (S, S.sup.1). We consider this key as the most resistant to any attack, while actually the basic encryption scheme remains the same.

(39) While FIGS. 1 and 2 disclose symmetric key generation, pubic key encryption schema may be implemented with the disclosed matrix-based Fully Homomorphic Encryption method as follows.

(40) Select two invertible 22 random matrices over residue ring .sub.n, representing master key K and private key S. First encryption layer is using master key K as encryption key in basic scenario of symmetric Fully Homomorphic Encryption scheme used to encrypt each element of matrices S and S.sup.1, (S, S.sup.1) is private key.

(41) Specifically, for

(42) $\begin{array}{cc}S=\left(\begin{array}{cc}{s}_{1,0}& s_{1,1}\\ s_{1,2}& s_{1,3}\end{array}\right),& S^{-1}=\left(\begin{array}{cc}{s}_{2,0}& s_{2,1}\\ s_{2,2}& s_{2,3}\end{array}\right),\end{array}$
we compute

(43) $p_{i,j}={\mathrm{Enc}}_K\left(s_{i,j}\right)=K^{-1}\left(\begin{array}{cc}{}_{i,j}& 0\\ {}_{i,j}& s_{i,j}\end{array}\right)K,$

(44) where .sub.i,j, .sub.i,j chosen at random for each i=1,2; j=0,1,2,3. After padding encryption of zero for each p we get secret public key pair:

(45) Secret key sk=(S, S.sup.1), public key pk=(P.sub.1, P.sub.2), where

(46) $\begin{array}{cc}{P}_1=\left(\begin{array}{cc}{p}_{1,0}& p_{1,1}\\ p_{1,2}& p_{1,3}\end{array}\right),& P_2=\left(\begin{array}{cc}{p}_{2,0}& p_{2,1}\\ p_{2,2}& p_{2,3}\end{array}\right).\end{array}$

(47) Encryption via this public key is used as a second encryption layer of the disclosed symmetric FHE scheme. Using its homomorphic properties, we use encrypted secret key (S, S.sup.1) as encryption key. Specifically, first encoding plaintext m by envelop matrix V(m) and compute ciphertext as follows:

(48) $C\left(m\right)=P_{2}V\left(m\right)P_1=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right),$

(49) where C.sub.0, C.sub.1, C.sub.2, C.sub.3 are four of the 22-matrices over .sub.n.

(50) Decryption is performed in the inverse direction.

(51) First we unlock first encryption layer using master key (K, K.sup.1) for each 22 block of ciphertext C(m).

(52) Specifically, compute T.sub.i=KC.sub.iK.sup.1, for i=0,1,2,3.

(53) For each

(54) $T_i=\left(\begin{array}{cc}{t}_{i,0}& t_{i,1}\\ t_{i,2}& t_{i,3}\end{array}\right),i=0,1,2,3,$
choose t.sub.i,3 and form matrix

(55) $Z=\left(\begin{array}{cc}{t}_{0,3}& t_{1,3}\\ t_{2,3}& t_{3,3}\end{array}\right)$
and compute SZS.sup.1=W. From

(56) $W=\left(\begin{array}{cc}{w}_0& w_1\\ w_2& w_3\end{array}\right)$
extract w.sub.3=m.

(57) The disclosed public key FHE scheme inherits all homomorphic properties of the disclosed symmetric scheme discussed above. The disclosed public key FHE scheme has four homomorphic arithmetic operations over ciphertexts (addition, subtraction, multiplication, division), homomorphic index, homomorphic hash and homomorphic comparison.

(58) FIGS. 3 and 4 illustrate flowcharts of a method for encoding process of enveloping the plaintext before the encryption consistent with the present disclosure.

(59) Referring to FIGS. 3 and 4, the disclosed method may include one or more of the steps described below. FIGS. 3 and 4 illustrate a flow chart of an example method(s) executed by the homomorphic encryption module that may be hosted on a user computing device or on a server. It should be understood that method depicted in FIGS. 3 and 4 may include additional operations and that some of the operations described therein may be removed and/or modified without departing from the scope of the disclosed method. The description of the disclosed method is also made with reference to the features depicted in FIG. 10 discussed below for purposes of illustration. Particularly, the processor 204 of the user computing entity node 101 may execute some or all of the operations included in the disclosed method.

(60) Referring to FIGS. 3 and 4, matrix V(m) will be referred to as an envelope matrix for both settings (i.e., integers and floating-point). With reference to FIGS. 3 and 4, an encoding process of enveloping the plaintext before encryption is shown, where:

(61) .sub.nresidue ring modulo n, Mplaintext, minteger, Venvelop matrix, , random numbers, field of real numbers.

(62) At block 311, the processor 204 may access the plaintext M. The processor 204 may first convert plaintext M to bit string which represents integer m. At block 312, the processor 204 may encode M by integer m over .sub.n. At block 313, the processor 204 may encode m by 22 matrix of the form:

(63) $V\left(m\right)=\left(\begin{array}{cc}& 0\\ & m\end{array}\right),$
where and chosen at random in .sub.n.

(64) In FIG. 4, the processor 204 may first convert plaintext to floating-point number m. At block 411, the processor 204 may access the plaintext M. At block 412, the processor 204 may encode M by floating-point number m over . At block 413, the processor 204 may encode m by 22 matrix of the form:

(65) $V\left(m\right)=\left(\begin{array}{cc}& 0\\ & m\end{array}\right),$
where and are randomly chosen over floating-point numbers.

(66) FIGS. 5 and 6 illustrate flowcharts of an encryption process based on matrices multiplication consistent with the present disclosure.

(67) Referring to FIGS. 5 and 6, the disclosed method may include one or more of the steps described below. FIGS. 5 and 6 illustrate a flow chart of an example method(s) executed by the homomorphic encryption module that may be hosted on a user computing device or on a server. It should be understood that method depicted in FIGS. 5 and 6 may include additional operations and that some of the operations described therein may be removed and/or modified without departing from the scope of the disclosed method. The description of the disclosed method is also made with reference to the features depicted in FIG. 10 discussed below for purposes of illustration. Particularly, the processor 204 of the user computing entity node 101 may execute some or all of the operations included in the disclosed method.

(68) With reference to FIGS. 5 and 6, an encryption process based on matrices multiplication S1, S2 is shown, where:

(69) Z.sub.nresidue ring modulo n, Mplaintext, minteger, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, field of real numbers.

(70) At block 511, the processor 204 may access the envelope matrix V(m) over .sub.n. At block 512, the processor 204 may compute ciphertext C(m) of plaintext m as follows: C(m)=S.sub.2V(m)S.sub.1, where (S.sub.1, S.sub.2) is a secret key.

(71) Referring to FIG. 6, at block 610 the processor 204 may access the envelope matrix V(m) over . At block 612 the processor 204 may compute ciphertext C(m) of the plaintext m as follows: C(m)=S.sub.2V(m)S.sub.1, where (S.sub.1, S.sub.2) is a secret key.

(72) FIGS. 7 and 8 illustrate flowcharts of data decryption consistent with the present disclosure.

(73) Referring to FIGS. 7 and 8, the disclosed method may include one or more of the steps described below. FIGS. 7 and 8 illustrate a flow chart of an example method(s) executed by the homomorphic encryption module that may be hosted on a user computing device or on a server. It should be understood that method depicted in FIGS. 7 and 8 may include additional operations and that some of the operations described therein may be removed and/or modified without departing from the scope of the disclosed method. The description of the disclosed method is also made with reference to the features depicted in FIG. 10 discussed below for purposes of illustration. Particularly, the processor 204 of the user computing entity node 101 may execute some or all of the operations included in the disclosed method.

(74) FIGS. 7 and 8 illustrate decryption process where:

(75) .sub.nresidue ring modulo n, Mplaintext, minteger, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, field of real numbers, S.sub.1.sup.1 and S.sub.2.sup.1inverse matrices.

(76) Referring to FIG. 7, at block 711, the processor 204 may access to ciphertext C(m) over .sub.n. At block 712, the processor 204 may compute

(77) 0$S_2^{-1}\left(C\left(m\right)\right)S_1^{-1}=V\left(m\right)$
over .sub.n, using (S.sub.1, S.sub.2). At block 714, the processor 204 may extract plaintext m from the envelop matrix V(m):

(78) $V\left(m\right)=\left(\begin{array}{cc}& 0\\ & m\end{array}\right)$
thus, the process can extract m from (2,2)-position.

(79) Regarding FIG. 8, at block 810, the processor 204 may access to ciphertext C(m) over . At block 811, the processor 204 may compute

(80) $S_2^{-1}\left(C\left(m\right)\right)S_1^{-1}=V\left(m\right)$
over using secret key (S.sub.1, S.sub.2). At block 812, the processor 204 may extract floating point number m from

(81) $V\left(m\right)=\left(\begin{array}{cc}& 0\\ & m\end{array}\right).$

(82) FIG. 9A illustrates a network diagram of a system for homomorphic encryption consistent with the present disclosure.

(83) Referring to FIG. 9A, the example network 100 includes the user computing entity node 101 connected to a relay server node(s) 102 that may be connected to other cloud servers 105 over a network. The user computing entity node 101 may be configured to host a homomorphic encryption module 104. Note that the modules 104 may be implemented on other entities such as servers 102 and 105. The user computing entity node 101 may receive sensitive data from a user 111 as data being entered via an interface or retrieved as searchable stored data 103. The data may be encrypted by the homomorphic encryption module 104 and sent to the relay server 102. The encrypted data may be stored in the encrypted form on a storage 106 and may be further distributed through the network to servers 105 based on the architecture of the system network. The encrypted data from the storage 106 may be retrieved based on the user 111 request and may be provided to the user computing entity node 101 without being decrypted. Note that the data on the storage 106 may be searched in the encrypted form as discussed above based on the nature of the homomorphic encryption schema.

(84) FIG. 9B illustrates an exemplary network diagram of a system for homomorphic encryption implemented over a blockchain network consistent with the present disclosure.

(85) Referring to FIG. 9B, the example network 100 includes the user computing entity node 101 connected to a relay server node(s) 102 that may be connected to other cloud servers 105 over a network. The user computing entity node 101 may be configured to host a homomorphic encryption module 104. Note that the modules 104 may be implemented on other entities such as servers 102 and 105. The user computing entity node 101 may receive sensitive data from a user 111 as data being entered via an interface or retrieved as searchable stored data 103. The data may be encrypted by the homomorphic encryption module 104 and sent to the relay server 102. The encrypted data may be stored in the encrypted form on a storage 106 and may be further distributed through the network to servers 105 based on the architecture of the system network. The encrypted data from the storage 106 may be retrieved based on the user 111 request and may be provided to the user computing entity node 101 without being decrypted. Note that the data on the storage 106 may be searched in the encrypted form as discussed above based on the nature of the homomorphic encryption schema.

(86) In another exemplary embodiment, the system 100 may use a decentralized storage such as a blockchain 110 (see FIG. 9B) that is a distributed storage system, which includes multiple nodes that communicate with each other. The decentralized storage includes an append-only immutable data structure resembling a distributed ledger capable of maintaining records between mutually untrusted parties. The untrusted parties are referred to herein as peers or peer nodes. Each peer maintains a copy of the parameter(s) records and no single peer can modify the records without a consensus being reached among the distributed peers. For example, the peers 101, 102 and 105 (FIG. 9B) may execute a consensus protocol to validate blockchain 110 storage transactions, group the storage transactions into blocks, and build a hash chain over the blocks. This process forms the ledger 109 by ordering the storage transactions, as is necessary, for consistency. In various embodiments, a permissioned and/or a permissionless blockchain can be used. In a public or permissionless blockchain, anyone can participate without a specific identity. Public blockchains can involve assets and use consensus based on various protocols such as Proof of Work (PoW). On the other hand, a permissioned blockchain provides secure interactions among a group of entities which share a common goal such as storing recommendation parameters, but which do not fully trust one another.

(87) This application utilizes a permissioned (private) blockchain that operates arbitrary, programmable logic, tailored to a decentralized storage scheme and referred to as smart contracts or chaincodes. In some cases, specialized chaincodes may exist for management functions and parameters which are referred to as system chaincodes. The application can further utilize smart contracts that are trusted distributed applications which leverage tamper-proof properties of the blockchain database and an underlying agreement between nodes, which is referred to as an endorsement or endorsement policy. Blockchain transactions associated with this application can be endorsed before being committed to the blockchain while transactions, which are not endorsed, are disregarded. An endorsement policy allows chaincodes to specify endorsers for a transaction in the form of a set of peer nodes that are necessary for endorsement. When a client sends the transaction to the peers specified in the endorsement policy, the transaction is executed to validate the transaction. After a validation, the transactions enter an ordering phase in which a consensus protocol is used to produce an ordered sequence of endorsed transactions grouped into blocks.

(88) In one embodiment, the relay server node 102 may retrieve data requested by the user 111 from the permissioned blockchain 110 ledger 109 based on a consensus between the user computing entity node 101 and at least the relay server node 102. The encrypted user data received from the user computing entity node 101 may be also recorded on the ledger 109 of the blockchain 110. In this exemplary implementation the relay server node 102, the cloud servers 105, the user computing entities(s) such as the entity 101 may serve as blockchain 110 peer nodes. In one embodiment, local data from the databases 103 may be encrypted and the encrypted data 106 and remote data from the database 116 may be duplicated on the blockchain ledger 109 for higher security of storage.

(89) In one embodiment, the system 100 provides for searchable encryptioni.e., the encrypted database 106 maybe searched without decryption of any stored records. The encryption methods provided herein allow to build homomorphic index which can be used in the databases 106 for indexing ciphertexts. This may allow to significantly speed up the general database 106 performance and in addition allows to search over encrypted data.

(90) In one embodiment, verifiable encryption and ZKP (Zero Knowledge Proofs) may be implemented with the disclosed homomorphic encryption schema that allows to generate a proof of the computation correctness. In one embodiment, proprietary algorithm may be used that is based on constructing a correctness proof based on noncommutative matrix Rings M.sub.2(.sub.n).

(91) FIG. 10 illustrates a network diagram of a system including detailed features of a user computing entity node consistent with the present disclosure.

(92) Referring to FIG. 10, the example network includes the user computing entity node 101 configured to host a homomorphic encryption module 104 (see FIGS. 9A-B). As discussed above with respect to FIGS. 9A-B, the user computing entity node 101 may receive user's unsecured data (plain text data) data 202.

(93) The user computing entity node 101 may process the data via the homomorphic encryption module 104 to generate the encrypted data that may be distribute dover network based on need. In one embodiment, the encrypted data 202 may be recorded on ledger 109 of the blockchain 110.

(94) While this example describes in detail only one user computing entity node 101, multiple such nodes may be connected to the network and to the blockchain 110. It should be understood that the user computing entity node 101 may include additional components and that some of the components described herein may be removed and/or modified without departing from a scope of the user computing entity node 101 disclosed herein. The user computing entity node 101 may be a computing device or a server computer, or the like, and may include a processor 204, which may be a semiconductor-based microprocessor, a central processing unit (CPU), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), and/or another hardware device. Although a single processor 204 is depicted, it should be understood that the user computing entity node 101 may include multiple processors, multiple cores, or the like, without departing from the scope of the FIC user computing entity node 101 system.

(95) The user computing entity node 101 may also include a non-transitory computer readable medium 212 that may have stored thereon machine-readable instructions executable by the processor 204. Examples of the machine-readable instructions are shown as 214-224 and are further discussed below. Examples of the non-transitory computer readable medium 212 may include an electronic, magnetic, optical, or other physical storage device that contains or stores executable instructions. For example, the non-transitory computer readable medium 212 may be a Random-Access memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a hard disk, an optical disc, or other type of storage device.

(96) The processor 204 may fetch, decode, and execute the machine-readable instructions 214 to acquire plaintext M required to be encrypted. The processor 204 may fetch, decode, and execute the machine-readable instructions 216 to select a size of a matrix f and modulus n. The processor 204 may fetch, decode and execute the machine-readable instructions 218 to select invertible matrix S.sub.1 over .sub.n, wherein .sub.n is a residue ring modulo n. The processor 204 may fetch, decode, and execute the machine-readable instructions 220 to compute an invertible matrix S.sub.2 over .sub.n.

(97) The processor 204 may fetch, decode, and execute the machine-readable instructions 222 to set a secret key (S.sub.1, S.sub.2). The processor 204 may fetch, decode, and execute the machine-readable instructions 224 to encode the plaintext M by an integer m over .sub.n, wherein m is encoded by an envelope matrix comprising a form

(98) $V\left(m\right)=\left(\begin{array}{cc}& 0\\ & m\end{array}\right),$
wherein and are numbers chosen at random , .sub.n.

(99) As a non-limiting example, the consensual approval of the transactions may be associated with recording of the encrypted data on the blockchain 110. The permissioned blockchain 110 may be configured to use one or more smart contracts that manage transactions for multiple participating nodes and for recording the transactions on the ledger 109.

(100) As discussed above, the system in accordance with the disclosed embodiments may execute homomorphic operations over encrypted data (without decryption).

(101) Homomorphic Addition

(102) In order to compute ciphertext C(m.sub.1+m.sub.2) for given ciphertext C(m.sub.1) and C(m.sub.2) of plaintexts m.sub.1 and m.sub.2 the following is performed.

(103) For

(104) $C\left(m_1\right)=S_{2}V\left(m_1\right)S_1,V\left(m_1\right)=\left(\begin{array}{cc}& 0\\ & m_1\end{array}\right)$
where: m.sub.1plaintext, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, , random numbers.

(105) For

(106) $C\left(m_2\right)=S_{2}V\left(m_2\right)S_1,V\left(m_2\right)=\left(\begin{array}{cc}& 0\\ & m_2\end{array}\right)$
where: m.sub.2plaintext, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, , random numbers.

(107) The system computes:

(108) $C\left(m_1\right)+C\left(m_2\right)=\left(S_{2}V\left(m_1\right)S_1\right)+\left(S_{2}V\left(m_2\right)S_1\right)=S_2\left(V\left(m_1\right)+V\left(m_2\right)\right)S_1=S_{2}V\left(m_1+m_2\right)S_1=C\left(m_1+m_2\right),$
because

(109) $V\left(m_1\right)+V\left(m_2\right)=\left(\begin{array}{cc}& 0\\ & m_1\end{array}\right)+\left(\begin{array}{cc}& 0\\ & m_2\end{array}\right)=\left(\begin{array}{cc}+& 0\\ +& m_1+m_2\end{array}\right)=V\left(m_1+m_2\right),$

(110) Where:

(111) m.sub.1, m.sub.2plaintext, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, , , , ,random numbers.

(112) Homomorphic Subtraction.

(113) The system computes ciphertext C(m.sub.1m.sub.2) for given ciphertext C(m.sub.1) and C(m.sub.2) of plaintexts m.sub.1 and m.sub.2. For

(114) $C\left(m_1\right)=S_{2}V\left(m_1\right)S_1,V\left(m_1\right)=\left(\begin{array}{cc}& 0\\ & m_1\end{array}\right),$
where: m.sub.1plaintext, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, , random numbers.

(115) 0$C\left(m_2\right)=S_{2}V\left(m_2\right)S_1,V\left(m_2\right)=\left(\begin{array}{cc}& 0\\ & m_2\end{array}\right),$
where: m.sub.2plaintext, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, , random numbers.

(116) Compute

(117) $C\left(m_1\right)-C\left(m_2\right)=\left(S_{2}V\left(m_1\right)S_1\right)-\left(S_{2}V\left(m_2\right)S_1\right)=S_2\left(V\left(m_1\right)-V\left(m_2\right)\right)S_1=S_{2}V\left(m_1-m_2\right)S_1=C\left(m_1-m_2\right),$
because

(118) $V\left(m_1\right)-v\left(m_2\right)=\left(\begin{array}{cc}& 0\\ & m_1\end{array}\right)-\left(\begin{array}{cc}& 0\\ & m_2\end{array}\right)=\left(\begin{array}{cc}-& 0\\ -& m_1-m_2\end{array}\right)=V\left(m_1-m_2\right),$
where: m.sub.1, m.sub.2plaintexts, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, , , , ,random numbers.
Homomorphic Multiplication

(119) For given ciphertext C(m.sub.1) and C(m.sub.2) with associated plaintext m.sub.1 and m.sub.2 system needs to multiply them.
C(m.sub.1).Math.C(m.sub.2)=(S.sub.2V(m.sub.1)S.sub.1)(S.sub.2V(m.sub.2)S.sub.1), where: m.sub.1, m.sub.2plaintext, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext.

(120) To achieve C(m.sub.1m.sub.2) the S.sub.1S.sub.2 need to be removed within multiplication factors. The simplest way to achieve this is to restrict relationship between S.sub.1 and S.sub.2 as follows: S.sub.2=S.sub.1.sup.1.

(121) Then, S.sub.1.Math.S.sub.2=Iidentity matrix, where: m.sub.1, m.sub.2plaintext, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, random number, S.sub.1.sup.1inverse matrix.

(122) This scenario may be considered as a base scenario. Further, it is demonstrated that in the base scenario the disclosed encryption scheme leads to many useful features such as homomorphic index, homomorphic hash and homomorphic comparison. But trade-off between security and usability leads to increase attacks in the base scenario. To increase security and then decrees usability of our scheme, the enhanced scenario may be considered as follows: S.sub.2=LS.sub.1.sup.1, where

(123) $L=\left(\begin{array}{cc}& 0\\ 0& \end{array}\right),$
is random invertible number in .sub.n or , where: Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, random number, .sub.nresidue ring modulo n, field of real numbers, Lscalar matrix, S.sub.1.sup.1inverse matrix.

(124) Below it is demonstrated that all of the above useful features remain in some modified form.

(125) (i) Base Scenario:

(126) Compute

(127) $C\left(m_1\right).Math.C\left(m_2\right)=\left(S^{-1}V\left(m_1\right)S\right)\left(S^{-1}V\left(m_2\right)S\right)=S^{-1}V\left(m_1\right).Math.V\left(m_2\right)S=S^{-1}V\left(m_1{m}_2\right)S=C\left(m_1{m}_2\right),$
where: m.sub.1, m.sub.2plaintext, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, Cciphertext, , , , ,random numbers, S, S.sup.1 are literally S.sub.1, S.sub.2.
(ii) Enhanced Scenario:

(128) Consider ciphertext C(.sup.2)=LS.sup.1V(.sup.2)S, where define

(129) $V\left({}^{-2}\right)=\left(\begin{array}{cc}& 0\\ & {}^{-2}\end{array}\right)$
and

(130) $L=\left(\begin{array}{cc}& 0\\ 0& \end{array}\right),$
where .sup.2inverse power 2 of , Venvelop matrix, Cciphertext, , ,random numbers, S is literally S.sub.1half of the secret key, S.sub.2=LS.sup.1 is another half of secret key.

(131) Compute

(132) $C\left(m_1\right)C\left(m_2\right).Math.C\left({}^{-2}\right)=\left({\mathrm{LS}}^{-1}V\left(m_1\right)S\right)\left({\mathrm{LS}}^{-1}V\left(m_2\right)S\right)\left({\mathrm{LS}}^{-1}V\left({}^{-2}\right)S\right)=L^3\left(S^{-1}V\left(m_1\right).Math.V\left(m_2\right)V\left({}^{-2}\right)S\right)=L^3\left(S^{-1}V\left(\frac{m_1{m}_2}{{}^2}\right)S\right)={\mathrm{LS}}^{-1}\left[L^{2}V\left(\frac{m_1{m}_2}{{}^2}\right)\right]S={\mathrm{LS}}^{-1}V\left(m_1{m}_2\right)S=C\left(m_1{m}_2\right),$
where: m.sub.1, m.sub.2plaintext, Venvelop matrix, Cciphertext, S, LS.sup.1 are literally S.sub.1, S.sub.2 secret key, L.sup.3scalar matrix power 3, .sup.2inverse power 2 of , L.sup.2scalar matrix power 2.

(133) Therefore, in the enhanced scenario to perform homomorphic multiplication the matrix multiplication was in focus in order to somewhat decrease performance.

(134) Homomorphic Division

(135) (i) Base Scenario. The Goal is to Achieve Ciphertext:

(136) $C\left(\frac{1}{m}\right)$
for given ciphertext C(m), where
C(m)=S.sup.1V(m)S compute[C(m)].sup.1=S.sup.1(V(m)).sup.1S

(137) ${\left(V\left(m\right)\right)}^{-1}={\left(\begin{array}{cc}& 0\\ & m\end{array}\right)}^{-1}=\left(\begin{array}{cc}\frac{1}{}& 0\\ -\frac{}{m}& \frac{1}{m}\end{array}\right)=V\left(\frac{1}{m}\right).$

(138) Compute

(139) 0${\left(C\left(m\right)\right)}^{-1}=S^{-1}V\left(\frac{1}{m}\right)S=C\left(\frac{1}{m}\right)$
where: mplaintext, V(m).sup.1inverse envelop matrix, Venvelop matrix, Cciphertext, , random numbers, S, S.sup.1 are literally S.sub.1, S.sub.2 secret key.
(ii) Enhanced Scenario

(140) Define

(141) $V\left(\right)=\left(\begin{array}{cc}& 0\\ & \end{array}\right)$
then C(S)=LS.sup.1V()S end

(142) $L=\left(\begin{array}{cc}& 0\\ 0& \end{array}\right),$
where: Venvelop matrix, Cciphertext, S, LS.sup.1 are literally S.sub.1, S.sub.2 secret key, , , random numbers.

(143) Compute

(144) ${\left(C\left(m\right)\right)}^{-1}.Math.C\left(\right)=\left(L^{-1}{S}^{-1}V\left(\frac{1}{m}\right)S\right)\left({\mathrm{LS}}^{-1}V\left(\right)S\right)=S^{-1}V\left(\frac{1}{m}\right).Math.L\left(\begin{array}{cc}\frac{1}{}& 0\\ 0& \frac{1}{}\end{array}\right)\left(\begin{array}{cc}\frac{1}{}& 0\\ \frac{}{m}& \frac{1}{m}\end{array}\right)\left(\begin{array}{cc}& 0\\ & \end{array}\right)S={\mathrm{LS}}^{-1}\left(\begin{array}{cc}*& 0\\ **& \frac{1}{m}\end{array}\right)S=C\left(\frac{1}{m}\right),$
where: mplaintext, Venvelop matrix, Cciphertext, S, LS.sup.1 are literally S.sub.1, S.sub.2, , , random numbers, L.sup.1inverse matrix, *neglectable result of multiplications in the current scope.

(145) The system may homomorphically compute inverse for m by price of multiplying one matrix, which gives somewhat decreased performance.

(146) According to one disclosed embodiment a homomorphic index may be implemented as follows. The disclosed encryption scheme has such useful feature as Hom Ind (Homomorphic Index), which gives possibility to search over ciphertexts based on the property providing that if two encrypted records have the same Hom Ind, then corresponding plaintexts are equal.

(147) Let ciphertext

(148) $C\left(m\right)=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right),$
then determinant det[C(m)]=C.sub.0C.sub.3-C.sub.1C.sub.2.

(149) On the other hand, C(m)=S.sub.2V(m)S.sub.1, then
det[C(m)]=det(S.sub.2).Math.det(V(m)).Math.det(S.sub.1).

(150) (i) Base scenario C(m)=S.sup.1V(m)S then
det[C(m)]=det(S.sup.1).Math.det(S).Math.detV(m)

(151) $V\left(m\right)=\left(\begin{array}{cc}& 0\\ & m\end{array}\right).Math.\det \left(V\left(m\right)\right)=m,\mathrm{then}\det \left[C\left(m\right)\right]=m,$
where: mplaintext, Cciphertext, C.sub.0, C.sub.1, C.sub.2, C.sub.3elements of matrix ciphertexts, detdeterminant of a matrix, Venvelop matrix, S.sub.1, S.sub.2two matrices as a secret key, S, S.sup.1 are literally S.sub.1, S.sub.2, random number.

(152) Define for plaintext m
Hom Ind(m)=det[C(m).

(153) Let under encryption of dataset random number a in V(m) be fixed invertible for all plaintexts m from this dataset. Suppose for plaintexts m.sub.1 and m.sub.2:
Hom Ind(m.sub.1)=Hom Ind(m.sub.2).

(154) Because Hom Ind (m)=det(C(m))=am then we have m.sub.1=m.sub.2. Because is invertible number, then m.sub.1=m.sub.2, where: mplaintext, Cciphertext, detdeterminant of a matrix, Venvelop matrix, random number.
(ii) Enhanced Scenario.

(155) Let Hom Ind(m.sub.1)=Hom Ind(m.sub.2).
Hom Ind(m.sub.1)=det(C(m.sub.1))=det[LS.sup.1V(m.sub.1)S]=.sup.2.Math.m.sub.1.

(156) Analogously, Hom Ind(m.sub.2)=.sup.2m.sub.2.

(157) If Hom Ind(m.sub.1)=Hom Ind(m.sub.2), then .sup.2.Math.m.sub.1=.sup.2m.sub.2 and due to and are invertible numbers, we have m.sub.1=m.sub.2, where: m, m.sub.1, m.sub.2plaintexts, Cciphertexts, detdeterminant of a matrix, Venvelop matrix, S, S.sup.1 are literally S.sub.1, S.sub.2, and , , .sup.2random numbers, Lscalar matrix.
Homomorphic Comparison

(158) Let C(m.sub.1) and C(m.sub.2) be ciphertexts of plaintexts m.sub.1 and m.sub.2 correspondingly. For C(m.sub.1)=S.sub.2V(m)S.sub.1 and C(m.sub.2)=S.sub.2V(m.sub.2)S.sub.1, where: m.sub.1, m.sub.2plaintexts, Cciphertexts, Venvelop matrix, S.sub.1, S.sub.2secret keys the system needs to check (without decryption) that the equality m.sub.1=m.sub.2 holds true.
(i) Base Scenario.

(159) $C\left(m_1\right)=S^{-1}V\left(m_1\right)S,C\left(m_2\right)=S^{-1}V\left(m_2\right)S,$$V\left(m_1\right)=\left(\begin{array}{cc}& 0\\ & m_1\end{array}\right),V\left(m_2\right)=\left(\begin{array}{cc}& 0\\ & m_2\end{array}\right).$

(160) Compute

(161) $C\left(m_1\right)-C\left(m_2\right)=S^{-1}\left(\begin{array}{cc}-& 0\\ -& m_1-m_2\end{array}\right)S.$

(162) At the one hand,

(163) $C\left(m_1\right)-C\left(m_2\right)=C\left(m_1-m_2\right)=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right).$

(164) where: m.sub.1, m.sub.2plaintexts, Cciphertext, C.sub.0, C.sub.1, C.sub.2, C.sub.3elements, Venvelop matrix, S, S.sup.1 are literally S.sub.1, S.sub.2 secret keys, , , , ,random numbers.
Compute:=det[C(m.sub.1m.sub.2)]=C.sub.0C.sub.3C.sub.1C.sub.2.

(165) On the other hand, C(m.sub.1m.sub.2)=S.sup.1V(m.sub.1m.sub.2)S.

(166) Then
det[C(m.sub.1m.sub.2)]=det(S).Math.det(S.sup.1).Math.()(m.sub.1m.sub.2)=()(m.sub.1m.sub.2), where: m.sub.1, m.sub.2plaintexts, mplaintext, Cciphertext, C.sub.0, C.sub.1, C.sub.2, C.sub.3elements, detdeterminant of a matrix, Venvelop matrix, S, S.sup.1 are literally S.sub.1, S.sub.2 secret keys, , , , ,random numbers, value of determinant.

(167) Because random numbers and are chosen independently, 0 with overwhelming probability. Also, =()(m.sub.1m.sub.2), then

(168) $m_1=m_2=\frac{}{-}$
with overwhelming probability.

(169) Where: m.sub.1, m.sub.2plaintexts, , ,random numbers, value of determinant.

(170) Therefore:
(a)=0m.sub.1=m.sub.2;

(171) 0$\begin{array}{cc}\frac{}{-}.Math.0m_1.Math.m_2;& \left(b\right)\end{array}$$\begin{array}{cc}\frac{}{-}.Math.0m_1.Math.m_2.& \left(c\right)\end{array}$

(172) Where: m.sub.1, m.sub.2plaintext, , ,random numbers, value of determinant.

(173) Note that is, as assumed above, a is a fixed random number in V(m.sub.1) and V(m.sub.2), then =0 and (a)-(c) do not hold.

(174) (i) Enhanced Scenario.
C(m.sub.1)=LS.sup.1V(m.sub.1)S
C(m.sub.2)=LS.sup.1V(m.sub.2)S

(175) $C\left(m_1\right)-C\left(m_2\right)={\mathrm{LS}}^{-1}V\left(m_1-m_2\right)S=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right)$$\det \left(C\left(m_1-m_2\right)\right)==C_0{C}_3-C_1{C}_2.$

(176) Where: detdeterminant, m.sub.1, m.sub.2plaintext, Cciphertext, C.sub.0, C.sub.1, C.sub.2, C.sub.3-elements, detdeterminant of a matrix, Venvelop matrix, S, LS.sup.1 are literally S.sub.1, S.sub.2 secret keys, Lscalar matrix, value of determinant.

(177) On the other hand, we have

(178) =(det L) det(S.sup.1) det(S) ()(m.sub.1m.sub.2)=.sup.2()(m.sub.1m.sub.2).

(179) Where: detdeterminant, m.sub.1, m.sub.2plaintext, detdeterminant of a matrix, S, LS.sup.1 are literally S.sub.1, S.sub.2 secret keys, , ,random numbers, value of determinant, .sup.2random num power 2, Lscalar matrix.

(180) As above, 0 with overwhelming probability.

(181) Therefore,

(182) $m_1-m_2=\frac{}{{}^2\left(-\right)}.$
(a)=0m.sub.1=m.sub.2;

(183) $\begin{array}{cc}\frac{}{{}^2\left(-\right)}.Math.0m_1.Math.m_2;& \left(b\right)\end{array}$$\begin{array}{cc}\frac{}{{}^2\left(-\right)}.Math.0m_1.Math.m_2.& \left(c\right)\end{array}$

(184) Where: m.sub.1, m.sub.2plaintext, detdeterminant of a matrix, S, LS.sup.1 are literally S.sub.1, S.sub.2 secret keys, , ,random numbers, value of determinant, .sup.2random num power 2.

(185) Second solution. Assume = here.

(186) (i) Base Scenario, Compute:

(187) $\frac{c\left(m_1\right)}{c\left(m_2\right)}=C\left(m_1\right).Math.{\left[C\left(m_2\right)\right]}^{-1}=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right)==\left(S^{-1}V\left(m_1\right)S\right).Math.\left(S^{-1}V\left(\frac{1}{m_2}\right)S\right)=S^{-1}V\left(\frac{m_1}{m_2}\right)S=C\left(\frac{m_1}{m_2}\right),$

(188) $V\left(m_1\right)=\left(\begin{array}{cc}& 0\\ & m_1\end{array}\right),V\left(m_2\right)=\left(\begin{array}{cc}& 0\\ & m_2\end{array}\right),V\left(\frac{1}{m_2}\right)={\left(V\left(m_2\right)\right)}^{-1}=\left(\begin{array}{cc}\frac{1}{}& 0\\ \frac{-}{m_2}& \frac{1}{m_2}\end{array}\right),$

(189) $=\det \left(\frac{C\left(m_1\right)}{C\left(m_2\right)}\right)=\det \left[C\left(\frac{m_1}{m_2}\right)\right]=C_0{C}_3-C_1{C}_2.$

(190) Where: m.sub.1, m.sub.2plaintext, Cciphertext, C.sub.0, C.sub.1, C.sub.2, C.sub.3elements of matrix ciphertext, detdeterminant of a matrix, Venvelop matrix, S, S.sup.1 are literally S.sub.1, S.sub.2 secret keys, , , ,random numbers, value of determinant.

(191) On the other hand,

(192) $=\det \left(V\left(m_1\right)\right).Math.\det \left(V\left(\frac{1}{m_2}\right)\right)=m_1.Math.\frac{1}{a{m}_2}=\frac{m_1}{m_2}.$$=\frac{m_1}{m_2}.$
(a)=1m.sub.1=m.sub.2;
(b)>1m.sub.1>m.sub.2;
(c)<1m.sub.1<m.sub.2.

(193) Where: m.sub.1, m.sub.2plaintext, detdeterminant of a matrix, Venvelop matrix, , random number, value of determinant.

(194) (ii) Enhanced Scenario, Second Solution:

(195) For given ciphertexts C(m.sub.1) and C(m.sub.2) we want computing ciphertext

(196) $C\left(\frac{m_1}{m_2}\right).$

(197) We have
C(m.sub.1)=LS.sup.1V(m.sub.1)S,C(m.sub.2)=LS.sup.1V(m.sub.2)S.

(198) Compute

(199) $C\left(\frac{1}{m_2}\right)={\left[C\left(m_2\right)\right]}^{-1}.Math.C\left(\right)=\left(S^{-1}V\left(\frac{1}{m_2}\right)S.Math.L^{-1}\right).Math.\left({\mathrm{LS}}^{-1}V\left(\right)S\right)$

(200) 0$C\left(m_1\right).Math.C\left(\frac{1}{m_2}\right).Math.C\left({}^{-2}\right)=C\left(\frac{m_1}{m_2}\right)=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right).$

(201) $\mathrm{Denote}=\det \left(C\left(\frac{m_1}{m_2}\right)\right).$
=C.sub.0C.sub.3C.sub.1C.sub.2.

(202) Where: m.sub.1, m.sub.2plaintext, Cciphertext, C.sub.0, C.sub.1, C.sub.2, C.sub.3elements of matrix ciphertexts, detdeterminant of a matrix, Venvelop matrix, S, LS.sup.1 are literally S.sub.1, S.sub.2 secret keys, value of determinant, random number, .sup.2inverse of power two of , Lscalar matrix, L.sup.1 inverse of scalar matrix, random number.

(203) On the other hand,

(204) $=\det \left[C\left(m_1\right)\right].Math.\det \left[C\left(\frac{1}{m_2}\right)\right].Math.\det \left[C\left({}^2\right)\right].Math.\det \left[C\left(\right)\right]$$\det \left[C\left(m_1\right)\right]=\det L.Math.\det \left(V\left(m_1\right)\right)={}^2.Math.m_1.$

(205) $\det \left[C\left(\frac{1}{m_2}\right)\right]=\det \left[{C\left(m_2\right)}^{-1}\right].Math.\det \left(C\left(\right)\right)=$$={\left(\det L\right)}^{-1}.Math.\det \left(V\left(\frac{1}{m_2}\right)\right)={}^{-2}.Math.\frac{1}{m_2},$
det[C(.sup.2)]=det(L).Math.det[V(.sup.2)].sup.2.Math..Math..sup.2=,
detC()=.sup.2.Math.=.sup.3.

(206) Where: m.sub.1, m.sub.2plaintext, Cciphertext, detdeterminant, Venvelop matrix, , ,random numbers, value of determinant, random number, .sup.2inverse of power two of , Lscalar matrix.

(207) Therefore,

(208) $=\left({}^2.Math.m_1\right).Math.\left({}^{-2}\frac{1}{m_2}\right).Math.\left({}^3\right).Math.=\frac{m_1}{m_2}.Math.{}^2{}^3$

(209) Then

(210) $\frac{m_1}{m_2}=\frac{}{{}^2{}^3}.$

(211) We have the following possibilities:

(212) $\begin{array}{cc}\frac{V}{{}^2{}^3}=1.Math.m_1=m_2& \left(i\right)\end{array}$$\begin{array}{cc}\frac{V}{{}^2{}^3}.Math.1.Math.m_1.Math.m_2& \left(\mathrm{ii}\right)\end{array}$$\begin{array}{cc}\frac{V}{{}^2{}^3}.Math.1.Math.m_1.Math.m_2.& \left(\mathrm{iii}\right)\end{array}$

(213) Where: m.sub.1, m.sub.2plaintext, , , , ,random numbers, value of determinant, -random number, .sup.2inverse of power two of , .sup.2.sup.3product of power two of a and power of three .

(214) Homomorphic Hash

(215) In one embodiment, the homomorphic hash is implemented as follows.

(216) The discloses scheme may homomorphically perform universal hash function as encryption overall universal hash result with the proprietary cipher by computing HomHash(m) for plaintext m at initial time and at current time. If these homomorphic indices are equal, then the integrity of m holds, otherwise it does not. The system uses unique entities as keys, which are asymmetric secret keys, but in proposed terminology these are 2 service keys. The first key is for the first reference session and the second key is for the second session. None of these keys can be used to decrypt ciphertext, and the comparison operation is performing over ciphertexts only.

(217) This feature also needed in the case when users can encrypt their plaintexts, which requires a public key (e.g., asymmetric secret key based on terminology used herein) for encryption. This new feature is described in detail below.

(218) A hash sum based on Fully Homomorphic encryption is a fully unique type of entity suitable only for current proposed math. Fundamentals cannot be implemented based on any of traditional FHE schemes.

(219) h.sub.a,b(x)=((ax+b) mod p) mod n, where p is prime, a and b chosen randomly modulo p.

(220) 1. Encrypt random parameters a and b by secret key S, S.sup.1:

(221) $C\left(a\right)=S^{-1}V\left(a\right)S,V\left(a\right)=\left(\begin{array}{cc}& 0\\ & a\end{array}\right)-,-\mathrm{random};$$C\left(b\right)=S^{-1}V\left(b\right)S,V\left(b\right)=\left(\begin{array}{cc}& 0\\ & b\end{array}\right)-,-\mathrm{random}.$

(222) Where, h.sub.a,b(x)=universal hash function, m.sub.1, m.sub.2plaintext, , , , ,random numbers, Venvelop matrix, h.sub.a,b, a,brandom parameters from universal hash, S, S.sup.1secret key.

(223) 2. User U encrypts by its service key P plaintext m as initial round of Hom Hash:

(224) $En{c}_{P_U}\left(m\right)=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right),$
HomHash.sub.1(m)=C(a)Enc.sub.p.sub.U(m)+C(b).

(225) Where: Enc.sub.p.sub.Uciphertext after using the first service key, C, C.sub.0, C.sub.1, C.sub.2, C.sub.3ciphertexts, mplaintext.

(226) 3. To perform second round of Hom Hash, user is given new(another) service key Q.sub.U and encrypts by him current plaintext m:

(227) $En{c}_{Q_U}\left(m^{}\right)=\left(\begin{array}{cc}{C}_0^{}& C_1^{}\\ C_2^{}& C_3^{}\end{array}\right).$

(228) 4. Compute Hom Hash.sub.2(m)=C(a).Math.Enc.sub.Q.sub.U(m)+C(b).

(229) Where: Enc.sub.Q.sub.U ciphertext after using second service key, Cciphertext, C.sub.0C.sub.1, C.sub.2C.sub.3elements of matrix ciphertexts, mplaintext, a,brandom parameters from universal hash function.

(230) 5. Check integrity of plaintext m by the following: a)

(231) 0$\mathrm{Hom}{\mathrm{Hash}}_1\left(m\right)-\mathrm{Hom}{\mathrm{Hash}}_2\left(m^{}\right)=T=\left(\begin{array}{cc}{t}_0& t_1\\ t_2& t_3\end{array}\right);$ b) Compute det T=; c) det T=f(, ).Math..Math.(mm); d)

(232) $\{\begin{array}{c}=0.Math.m=m^{}-\mathrm{integrity}\mathrm{holds}\\ 0.Math.m{m}^{}-\mathrm{integrity}\mathrm{fails}.\end{array}$

(233) Where: Tmatrix of hashes difference, to, t.sub.1, t.sub.2, t.sub.3elements of matrix T, m, mplaintexts, a,brandom params from universal hash, det Tdeterminant of a matrix T, f(, )result of intermediate computation on position (1, 1) of envelop matrix V((mm)), result of comparison.
Service Keys

(234) Basic principles of the disclosed service keys are: 1) case for FHE Hash, when the system produces and stores only service session keys without a secret, where Service key 1is for a reference session and key 2 for the second session as a comparison. 2) When the system produces both a secret key and a service key. In the second case, a single secret key might be used to generate plenty (thousands or hundreds) of service keys which can be used only for encryption, while the single secret key can decrypt like a master key.

(235) So, secret key holder computes service key with aim that users can encrypt their data. But this encryption key is viewed as a private asymmetric user key, so it cannot be considered as a public key. Thus, is referred to as a secret service key.

(236) To compute the service key, secret key holder does the following:

(237) Denote matrices S.sub.1 and S.sub.2 as

(238) $S=\left(\begin{array}{cc}{S}_{1,0}& S_{1,1}\\ S_{1,2}& S_{1,3}\end{array}\right),S^{-1}=\left(\begin{array}{cc}{S}_{2,0}& S_{2,1}\\ S_{2,2}& S_{2,3}\end{array}\right),S,S^{-1}-\mathrm{secret}\mathrm{key}.$

(239) For plaintext m let us consider enhanced scenario

(240) $V\left(m\right)=\left(\begin{array}{cc}& 0\\ & m\end{array}\right).$
C(m)=LS.sup.1V(m)S, where

(241) $L=\left(\begin{array}{cc}& 0\\ 0& \end{array}\right).$

(242) Where: mplaintext, , random numbers, Venvelop matrix, S, LS.sup.1secret key, Lscalar matrix, , , random number.

(243) Service key P=(p.sub.0, P.sub.1, . . . , p.sub.7) is used for encryption as follows: for ciphertext

(244) $c\left(m\right)=\left(\begin{array}{cc}{c}_0& c_1\\ c_2& c_3\end{array}\right)$
we have
c.sub.0=p.sub.0+p.sub.1.Math.m,
c.sub.1=p.sub.2+p.sub.3.Math.m,
c.sub.2=p.sub.4+p.sub.5.Math.m,
c.sub.3=p.sub.6+p.sub.7.Math.m.

(245) Where: mplaintext, Cciphertext, C.sub.0, C.sub.1, C.sub.2, C.sub.3elements of matrix ciphertexts, P.sub.0, . . . , p.sub.7elements of service key.

(246) Below is shown how the holder of the secret key computes service keys P for many users.

(247) Note that random numbers .sub.i and .sub.i chosen independently for different users x.sub.i.
P.sub.0=.sub.ia.sub.0+.sub.ib.sub.0, where
a.sub.0=.Math.s.sub.1,0.Math.s.sub.2,0,b.sub.0=s.sub.2,1.Math.s.sub.1,0
P.sub.1=s.sub.2,1.Math.s.sub.1,2,
P.sub.2=.sub.i.Math.a.sub.2+.sub.ib.sub.2, where
a.sub.2=s.sub.2,0.Math.s.sub.1,1,b.sub.2=s.sub.2,1.Math.s.sub.1,1,
P.sub.3=s.sub.2,1.Math.s.sub.1,3,
P.sub.4=.sub.ia.sub.4+.sub.ib.sub.4, where
a.sub.4=s.sub.2,2.Math.s.sub.1,0,b.sub.4=s.sub.2,3.Math.s.sub.1,0,
P.sub.5=s.sub.2,3.Math.s.sub.1,2,
P.sub.6=.sub.i.Math.a.sub.6+.sub.ib.sub.6, where
a.sub.6=s.sub.2,2.Math.s.sub.1,1,b.sub.6=s.sub.2,3.Math.s.sub.1,1,
P.sub.7=s.sub.2,3.Math.s.sub.1,3.

(248) Accordingly, the disclosed embodiments provide for a unique featuremany different encryption keys and one decryption key.

(249) The disclosed embodiments may be used for various non-limiting exemplary use cases.

(250) 1. Anti-Money Laundering (AML) very specific and unique cases when the auditor can look into the protected case/safe to help the government to prove that it is clean inside.

(251) 2. Encrypted data integrity. For example, a user encrypts his dataset by the disclosed Homomorphic Encryption scheme and placed it to cloud. To achieve integrity of this encrypted data, homomorphic hash feature of the disclosed scheme may be used.

(252) 3. Virtual machines static protection (integrity). The VM integrity may be protected by generating FHE hash during power down and then power up. Comparison of two hash sums will be implemented homomorphically, meaning with no opening of plaintext hash.

(253) 4. Statistical computations over encrypted data. When a user placed encrypted dataset to cloud (see Use case 1), he may perform various statistical computations over this data. Note that in these computations often use arithmetic operation of division, which does not exist in existing FHE libraries (i.e., HElib, SEAL and other libraries do not support division). Moreover, high-depth circuits which arise in statistical computations are expensive for existing FHE, but very inexpensive for the disclosed scheme.

(254) 5. Outsourced encrypted data. Encrypted dataset in use cases 1 and 2 can be outsourced to perform various computations, in particular, statistical computations.

(255) 6. Search over encrypted data. In all of the above use cases, a user has an opportunity to search over encrypted data using such feature of the disclosed encryption scheme as a homomorphic index. Consider a setting when on site of some organization needs to verify user before onboarding, but the user may not want to reveal his identity. In this case, when someone wants to have access to organization's data, he/she inputs their full name and after encryption obtained ciphertext is compared with an access list for homomorphic equality, the access is allowed.

(256) 7. In one embodiment, a homomorphic audit may be implemented as follows. Consider a setting when sensitive data of organization is encrypted using the disclosed encryption scheme. Also, some public data is encrypted for easy comparison. The auditor can homomorphically compute over encrypted data and perform various comparisons with them.

(257) 8. Consider a manager-employees relationship with using the disclosed encryption scheme. Let a manager be a holder of a secret key. Then, the manager computes different service keys for employees, which have to make their business computations by using the service keys. Finally, the manager compares encrypted results via homomorphic comparisons and decrypts few of them for further analysis.

(258) 9. A unique blockchain FHE-based may be implemented with high performance capable of performing computations from other math domains, for instance such as elliptic curves and perform these operations in the disclosed scheme domain.

(259) According to the disclosed embodiments, several unique features are provided as follows. Non-deterministic encryption may be implementedthe ciphertext generated multiple times for the same plaintext will always be different; Revolutionary speed of the disclosed schemethis speed surpasses any existing analogs by several orders of magnitude, making FHE practical for the first time, while maintaining the high level of security without compromises; Fixed ciphertext expansion; Complete absence of complex, expensive, and very slow operations such as bootstrapping, relinearization, noise, key switching, modulo switching. etc.; Ability to perform homomorphic division, which is fundamentally absent in any current FHE libraries; Unique scheme allowing hybrid functionality (both symmetric and asymmetric) and additionally generating special service keys for homomorphic hashing; Ability to work within the same scheme with both floating points and integers and to perform all four basic arithmetic operations (addition, subtraction, multiplication, and division), which no existing scheme can do; Ability to compare homomorphically encrypted plaintexts without revealing data, which is also impossible with any existing FHE schemes; Ability to generate a homomorphic index derived from the ciphertext but being a deterministic valuei.e., allowing both homomorphic search on encrypted data and creating a new, unique type of database search through unique indexing of this data using this homomorphic index; Ability to create multi-service assimetric keys for multiple users based on one private key, so they can all encrypt data with them, but only the private key owner can decrypt it; Ability to create multi-private keys for multiple users being able to perform FHE comparison on the encrypted data while decrypting data is possible only for each separate private key used for data generation; Unique key switching scheme, where one private key is excluded from the scheme and replaced with another key; Unique ability to peek at data, based on specific parameters using the homomorphic index and overall encrypted data search, which can be implemented in, for example, an AML (anti-money laundering) case; Ability to use the disclosed scheme in databases, making them fully homomorphic and significantly enhancing their security; Ability to perform the disclosed mathematics in conjunction with other areas such as elliptic curves, thereby creating unique blockchain schemes and the potential to build completely new, unique blockchains, tokens, and cryptocurrencies based on FHE, which is impossible with any existing schemes due to their extremely low performance; Ability to create a completely new FHE scheme for ZKP (zero-knowledge proofs); and The new entity, such as a services keys, which can be generated to service with FHE Hash or used as a standalone sort of private keys just for encryption (with no decryption capabilities).

(260) The disclosed ecosystem/engine has no analogs globally, neither in essence, nor in performance (by several orders of magnitude), nor in functionality, which is unique to the ecosystem/engine. For example, as discussed above, homomorphic division, comparison, hash, indexing and multi-key generation are properties exclusive to the disclosed FHE Crypto Engine.

(261) As discussed above, in one embodiment, the features and/or the actions described and/or depicted herein can occur on or with respect to the blockchain 110. The above embodiments of the present disclosure may be implemented in hardware, in computer-readable instructions executed by a processor, in firmware, or in a combination of the above. The computer computer-readable instructions may be embodied on a computer-readable medium, such as a storage medium. For example, the computer computer-readable instructions may reside in random access memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, hard disk, a removable disk, a compact disk read-only memory (CD-ROM), or any other form of storage medium known in the art.

(262) An exemplary storage medium may be coupled to the processor such that the processor may read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (ASIC). In the alternative embodiment, the processor and the storage medium may reside as discrete components. For example, FIG. 11 illustrates an example computing device (e.g., a server node) 500, which may represent or be integrated in any of the above-described components, etc.

(263) FIG. 11 illustrates a block diagram of a system including computing device 500. The computing device 500 may comprise, but not be limited to the following: Mobile computing device, such as, but is not limited to, a laptop, a tablet, a smartphone, a drone, a wearable, an embedded device, a handheld device, an Arduino, an industrial device, or a remotely operable recording device; A supercomputer, an exa-scale supercomputer, a mainframe, or a quantum computer; A minicomputer, wherein the minicomputer computing device comprises, but is not limited to, an IBM AS500/iSeries/System I, A DEC VAX/PDP, a HP3000, a Honeywell-Bull DPS, a Texas Instruments TI-990, or a Wang Laboratories VS Series; A microcomputer, wherein the microcomputer computing device comprises, but is not limited to, a server, wherein a server may be rack mounted, a workstation, an industrial device, a raspberry pi, a desktop, or an embedded device; The user computing node 101 (see FIG. 2) may be hosted on a centralized server or on a cloud computing service. Although method 300 has been described to be performed by the user computing node 101 implemented on a computing device 500, it should be understood that, in some embodiments, different operations may be performed by a plurality of the computing devices 500 in operative communication at least one network.

(264) Embodiments of the present disclosure may comprise a computing device having a central processing unit (CPU) 520, a bus 530, a memory unit 550, a power supply unit (PSU) 550, and one or more Input/Output (I/O) units. The CPU 520 coupled to the memory unit 550 and the plurality of I/O units 560 via the bus 530, all of which are powered by the PSU 550. It should be understood that, in some embodiments, each disclosed unit may actually be a plurality of such units for the purposes of redundancy, high availability, and/or performance. The combination of the presently disclosed units is configured to perform the stages of any method disclosed herein.

(265) Consistent with an embodiment of the disclosure, the aforementioned CPU 520, the bus 530, the memory unit 550, a PSU 550, and the plurality of I/O units 560 may be implemented in a computing device, such as computing device 500. Any suitable combination of hardware, software, or firmware may be used to implement the aforementioned units. For example, the CPU 520, the bus 530, and the memory unit 550 may be implemented with computing device 500 or any of other computing devices 500, in combination with computing device 500. The aforementioned system, device, and components are examples and other systems, devices, and components may comprise the aforementioned CPU 520, the bus 530, the memory unit 550, consistent with embodiments of the disclosure.

(266) At least one computing device 500 may be embodied as any of the computing elements illustrated in all of the attached figures, including the user computing node 101 (FIG. 2). A computing device 500 does not need to be electronic, nor even have a CPU 520, nor bus 530, nor memory unit 550. The definition of the computing device 500 to a person having ordinary skill in the art is A device that computes, especially a programmable [usually] electronic machine that performs high-speed mathematical or logical operations or that assembles, stores, correlates, or otherwise processes information. Any device which processes information qualifies as a computing device 500, especially if the processing is purposeful.

(267) With reference to FIG. 11, a system consistent with an embodiment of the disclosure may include a computing device, such as computing device 500. In a basic configuration, computing device 500 may include at least one clock module 510, at least one CPU 520, at least one bus 530, and at least one memory unit 550, at least one PSU 550, and at least one I/O 560 module, wherein I/O module may be comprised of, but not limited to a non-volatile storage sub-module 561, a communication sub-module 562, a sensors sub-module 563, and a peripherals sub-module 565.

(268) A system consistent with an embodiment of the disclosure the computing device 500 may include the clock module 510 may be known to a person having ordinary skill in the art as a clock generator, which produces clock signals. Clock signal is a particular type of signal that oscillates between a high and a low state and is used like a metronome to coordinate actions of digital circuits. Most integrated circuits (ICs) of sufficient complexity use a clock signal in order to synchronize different parts of the circuit, cycling at a rate slower than the worst-case internal propagation delays. The preeminent example of the aforementioned integrated circuit is the CPU 520, the central component of modern computers, which relies on a clock. The only exceptions are asynchronous circuits such as asynchronous CPUs. The clock 510 can comprise a plurality of embodiments, such as, but not limited to, single-phase clock which transmits all clock signals on effectively 1 wire, two-phase clock which distributes clock signals on two wires, each with non-overlapping pulses, and four-phase clock which distributes clock signals on 5 wires.

(269) Many computing devices 500 use a clock multiplier which multiplies a lower frequency external clock to the appropriate clock rate of the CPU 520. This allows the CPU 520 to operate at a much higher frequency than the rest of the computer, which affords performance gains in situations where the CPU 520 does not need to wait on an external factor (like memory 550 or input/output 560). Some embodiments of the clock 510 may include dynamic frequency change, where the time between clock edges can vary widely from one edge to the next and back again.

(270) A system consistent with an embodiment of the disclosure the computing device 500 may include the CPU unit 520 comprising at least one CPU Core 521. A plurality of CPU cores 521 may comprise identical CPU cores 521, such as, but not limited to, homogeneous multi-core systems. It is also possible for the plurality of CPU cores 521 to comprise different CPU cores 521, such as, but not limited to, heterogeneous multi-core systems, big.LITTLE systems and some AMD accelerated processing units (APU). The CPU unit 520 reads and executes program instructions which may be used across many application domains, for example, but not limited to, general purpose computing, embedded computing, network computing, digital signal processing (DSP), and graphics processing (GPU). The CPU unit 520 may run multiple instructions on separate CPU cores 521 at the same time. The CPU unit 520 may be integrated into at least one of a single integrated circuit die and multiple dies in a single chip package. The single integrated circuit die and multiple dies in a single chip package may contain a plurality of other aspects of the computing device 500, for example, but not limited to, the clock 510, the CPU 520, the bus 530, the memory 550, and I/O 560.

(271) The CPU unit 520 may contain cache 522 such as, but not limited to, a level 1 cache, level 2 cache, level 3 cache or combination thereof. The aforementioned cache 522 may or may not be shared amongst a plurality of CPU cores 521. The cache 522 sharing comprises at least one of message passing and inter-core communication methods may be used for the at least one CPU Core 521 to communicate with the cache 522. The inter-core communication methods may comprise, but not limited to, bus, ring, two-dimensional mesh, and crossbar. The aforementioned CPU unit 520 may employ symmetric multiprocessing (SMP) design.

(272) The plurality of the aforementioned CPU cores 521 may comprise soft microprocessor cores on a single field programmable gate array (FPGA), such as semiconductor intellectual property cores (IP Core). The plurality of CPU cores 521 architecture may be based on at least one of, but not limited to, Complex instruction set computing (CISC), Zero instruction set computing (ZISC), and Reduced instruction set computing (RISC). At least one of the performance-enhancing methods may be employed by the plurality of the CPU cores 521, for example, but not limited to Instruction-level parallelism (ILP) such as, but not limited to, superscalar pipelining, and Thread-level parallelism (TLP).

(273) Consistent with the embodiments of the present disclosure, the aforementioned computing device 500 may employ a communication system that transfers data between components inside the aforementioned computing device 500, and/or the plurality of computing devices 500. The aforementioned communication system will be known to a person having ordinary skill in the art as a bus 530. The bus 530 may embody internal and/or external plurality of hardware and software components, for example, but not limited to a wire, optical fiber, communication protocols, and any physical arrangement that provides the same logical function as a parallel electrical bus. The bus 530 may comprise at least one of, but not limited to a parallel bus, wherein the parallel bus carry data words in parallel on multiple wires, and a serial bus, wherein the serial bus carry data in bit-serial form. The bus 530 may embody a plurality of topologies, for example, but not limited to, a multidrop/electrical parallel topology, a daisy chain topology, and a connected by switched hubs, such as USB bus. The bus 530 may comprise a plurality of embodiments, for example, but not limited to: Internal data bus (data bus) 531/Memory bus Control bus 532 Address bus 533 System Management Bus (SMBus) Front-Side-Bus (FSB) External Bus Interface (EBI) Local bus Expansion bus Lightning bus Controller Area Network (CAN bus) Camera Link ExpressCard Advanced Technology management Attachment (ATA), including embodiments and derivatives such as, but not limited to, Integrated Drive Electronics (IDE)/Enhanced IDE (EIDE), ATA Packet Interface (ATAPI), Ultra-Direct Memory Access (UDMA), Ultra ATA (UATA)/Parallel ATA (PATA)/Serial ATA (SATA), CompactFlash (CF) interface, Consumer Electronics ATA (CE-ATA)/Fiber Attached Technology Adapted (FATA), Advanced Host Controller Interface (AHCI), SATA Express (SATAe)/External SATA (eSATA), including the powered embodiment eSATAp/Mini-SATA (mSATA), and Next Generation Form Factor (NGFF)/M.2. Small Computer System Interface (SCSI)/Serial Attached SCSI (SAS) HyperTransport InfiniBand RapidIO Mobile Industry Processor Interface (MIPI) Coherent Processor Interface (CAPI) Plug-n-play 1-Wire Peripheral Component Interconnect (PCI), including embodiments such as, but not limited to, Accelerated Graphics Port (AGP), Peripheral Component Interconnect eXtended (PCI-X), Peripheral Component Interconnect Express (PCI-e) (e.g., PCI Express Mini Card, PCI Express M.2 [Mini PCIe v2], PCI Express External Cabling [ePCIe], and PCI Express OCuLink [Optical Copper{Cu}Link]), Express Card, AdvancedTCA, AMC, Universal IO, Thunderbolt/Mini DisplayPort, Mobile PCIe (M-PCIe), U.2, and Non-Volatile Memory Express (NVMe)/Non-Volatile Memory Host Controller Interface Specification (NVMHCIS). Industry Standard Architecture (ISA), including embodiments such as, but not limited to Extended ISA (EISA), PC/XT-bus/PC/AT-bus/PC/105 bus (e.g., PC/105-Plus, PCI/105-Express, PCI/105, and PCI-105), and Low Pin Count (LPC). Music Instrument Digital Interface (MIDI) Universal Serial Bus (USB), including embodiments such as, but not limited to, Media Transfer Protocol (MTP)/Mobile High-Definition Link (MHL), Device Firmware Upgrade (DFU), wireless USB, InterChip USB, IEEE 1395 Interface/Firewire, Thunderbolt, and eXtensible Host Controller Interface (xHCI).

(274) Consistent with the embodiments of the present disclosure, the aforementioned computing device 500 may employ hardware integrated circuits that store information for immediate use in the computing device 500, known to the person having ordinary skill in the art as primary storage or memory 550. The memory 550 operates at high speed, distinguishing it from the non-volatile storage sub-module 561, which may be referred to as secondary or tertiary storage, which provides slow-to-access information but offers higher capacities at lower cost. The contents contained in memory 550, may be transferred to secondary storage via techniques such as, but not limited to, virtual memory and swap. The memory 550 may be associated with addressable semiconductor memory, such as integrated circuits consisting of silicon-based transistors, used for example as primary storage but also other purposes in the computing device 500. The memory 550 may comprise a plurality of embodiments, such as, but not limited to volatile memory, non-volatile memory, and semi-volatile memory. It should be understood by a person having ordinary skill in the art that the ensuing are non-limiting examples of the aforementioned memory: Volatile memory which requires power to maintain stored information, for example, but not limited to, Dynamic Random-Access Memory (DRAM) 551, Static Random-Access Memory (SRAM) 552, CPU Cache memory 525, Advanced Random-Access Memory (A-RAM), and other types of primary storage such as Random-Access Memory (RAM). Non-volatile memory which can retain stored information even after power is removed, for example, but not limited to, Read-Only Memory (ROM) 553, Programmable ROM (PROM) 555, Erasable PROM (EPROM) 555, Electrically Erasable PROM (EEPROM) 556 (e.g., flash memory and Electrically Alterable PROM [EAPROM]), Mask ROM (MROM), One Time Programmable (OTP) ROM/Write Once Read Many (WORM), Ferroelectric RAM (FeRAM), Parallel Random-Access Machine (PRAM), Split-Transfer Torque RAM (STT-RAM), Silicon Oxime Nitride Oxide Silicon (SONOS), Resistive RAM (RRAM), Nano RAM (NRAM), 3D XPoint, Domain-Wall Memory (DWM), and millipede memory. Semi-volatile memory which may have some limited non-volatile duration after power is removed but loses data after said duration has passed. Semi-volatile memory provides high performance, durability, and other valuable characteristics typically associated with volatile memory, while providing some benefits of true non-volatile memory. The semi-volatile memory may comprise volatile and non-volatile memory and/or volatile memory with battery to provide power after power is removed. The semi-volatile memory may comprise, but not limited to spin-transfer torque RAM (STT-RAM). Consistent with the embodiments of the present disclosure, the aforementioned computing device 500 may employ the communication system between an information processing system, such as the computing device 500, and the outside world, for example, but not limited to, human, environment, and another computing device 500. The aforementioned communication system will be known to a person having ordinary skill in the art as I/O 560. The I/O module 560 regulates a plurality of inputs and outputs with regard to the computing device 500, wherein the inputs are a plurality of signals and data received by the computing device 500, and the outputs are the plurality of signals and data sent from the computing device 500. The I/O module 560 interfaces a plurality of hardware, such as, but not limited to, non-volatile storage 561, communication devices 562, sensors 563, and peripherals 565. The plurality of hardware is used by at least one of, but not limited to, human, environment, and another computing device 500 to communicate with the present computing device 500. The I/O module 560 may comprise a plurality of forms, for example, but not limited to channel I/O, port mapped I/O, asynchronous I/O, and Direct Memory Access (DMA). Consistent with the embodiments of the present disclosure, the aforementioned computing device 500 may employ the non-volatile storage sub-module 561, which may be referred to by a person having ordinary skill in the art as one of secondary storage, external memory, tertiary storage, off-line storage, and auxiliary storage. The non-volatile storage sub-module 561 may not be accessed directly by the CPU 520 without using an intermediate area in the memory 550. The non-volatile storage sub-module 561 does not lose data when power is removed and may be two orders of magnitude less costly than storage used in memory modules, at the expense of speed and latency. The non-volatile storage sub-module 561 may comprise a plurality of forms, such as, but not limited to, Direct Attached Storage (DAS), Network Attached Storage (NAS), Storage Area Network (SAN), nearline storage, Massive Array of Idle Disks (MAID), Redundant Array of Independent Disks (RAID), device mirroring, off-line storage, and robotic storage. The non-volatile storage sub-module (561) may comprise a plurality of embodiments, such as, but not limited to: Optical storage, for example, but not limited to, Compact Disk (CD) (CD-ROM/CD-R/CD-RW), Digital Versatile Disk (DVD) (DVD-ROM/DVD-R/DVD+R/DVD-RW/DVD+RW/DVDRW/DVD+R DL/DVD-RAM/HD-DVD), Blu-ray Disk (BD) (BD-ROM/BD-R/BD-RE/BD-R DL/BD-RE DL), and Ultra-Density Optical (UDO). Semiconductor storage, for example, but not limited to, flash memory, such as, but not limited to, USB flash drive, Memory card, Subscriber Identity Module (SIM) card, Secure Digital (SD) card, Smart Card, CompactFlash (CF) card, Solid-State Drive (SSD) and memristor. Magnetic storage such as, but not limited to, Hard Disk Drive (HDD), tape drive, carousel memory, and Card Random-Access Memory (CRAM). Phase-change memory Holographic data storage such as Holographic Versatile Disk (HVD). Molecular Memory Deoxyribonucleic Acid (DNA) digital data storage

(275) Consistent with the embodiments of the present disclosure, the aforementioned computing device 500 may employ the communication sub-module 562 as a subset of the I/O 560, which may be referred to by a person having ordinary skill in the art as at least one of, but not limited to, computer network, data network, and network. The network allows computing devices 500 to exchange data using connections, which may be known to a person having ordinary skill in the art as data links, between network nodes. The nodes comprise network computer devices 500 that originate, route, and terminate data. The nodes are identified by network addresses and can include a plurality of hosts consistent with the embodiments of a computing device 500. The aforementioned embodiments include, but not limited to personal computers, phones, servers, drones, and networking devices such as, but not limited to, hubs, switches, routers, modems, and firewalls.

(276) Two nodes can be networked together, when one computing device 500 is able to exchange information with the other computing device 500, whether or not they have a direct connection with each other. The communication sub-module 562 supports a plurality of applications and services, such as, but not limited to World Wide Web (WWW), digital video and audio, shared use of application and storage computing devices 500, printers/scanners/fax machines, email/online chat/instant messaging, remote control, distributed computing, etc. The network may comprise a plurality of transmission mediums, such as, but not limited to conductive wire, fiber optics, and wireless. The network may comprise a plurality of communications protocols to organize network traffic, wherein application-specific communications protocols are layered, may be known to a person having ordinary skill in the art as carried as payload, over other more general communications protocols. The plurality of communications protocols may comprise, but not limited to, IEEE 802, ethernet, Wireless LAN (WLAN/Wi-Fi), Internet Protocol (IP) suite (e.g., TCP/IP, UDP, Internet Protocol version 5 [IPv5], and Internet Protocol version 6 [IPv6]), Synchronous Optical Networking (SONET)/Synchronous Digital Hierarchy (SDH), Asynchronous Transfer Mode (ATM), and cellular standards (e.g., Global System for Mobile Communications [GSM], General Packet Radio Service [GPRS], Code-Division Multiple Access [CDMA], and Integrated Digital Enhanced Network [IDEN]).

(277) The communication sub-module 562 may comprise a plurality of size, topology, traffic control mechanism and organizational intent. The communication sub-module 562 may comprise a plurality of embodiments, such as, but not limited to: Wired communications, such as, but not limited to, coaxial cable, phone lines, twisted pair cables (ethernet), and InfiniBand. Wireless communications, such as, but not limited to, communications satellites, cellular systems, radio frequency/spread spectrum technologies, IEEE 802.11 Wi-Fi, Bluetooth, NFC, free-space optical communications, terrestrial microwave, and Infrared (IR) communications. Cellular systems embody technologies such as, but not limited to, 3G, 5G (such as WiMax and LTE), and 5G (short and long wavelength). Parallel communications, such as, but not limited to, LPT ports. Serial communications, such as, but not limited to, RS-232 and USB. Fiber Optic communications, such as, but not limited to, Single-mode optical fiber (SMF) and Multi-mode optical fiber (MMF). Power Line and wireless communications

(278) The aforementioned network may comprise a plurality of layouts, such as, but not limited to, bus network such as ethernet, star network such as Wi-Fi, ring network, mesh network, fully connected network, and tree network. The network can be characterized by its physical capacity or its organizational purpose. Use of the network, including user authorization and access rights, differ accordingly. The characterization may include, but not limited to nanoscale network, Personal Area Network (PAN), Local Area Network (LAN), Home Area Network (HAN), Storage Area Network (SAN), Campus Area Network (CAN), backbone network, Metropolitan Area Network (MAN), Wide Area Network (WAN), enterprise private network, Virtual Private Network (VPN), and Global Area Network (GAN).

(279) Consistent with the embodiments of the present disclosure, the aforementioned computing device 500 may employ the sensors sub-module 563 as a subset of the I/O 560. The sensors sub-module 563 comprises at least one of the devices, modules, and subsystems whose purpose is to detect events or changes in its environment and send the information to the computing device 500. Sensors are sensitive to the measured property, are not sensitive to any property not measured, but may be encountered in its application, and do not significantly influence the measured property. The sensors sub-module 563 may comprise a plurality of digital devices and analog devices, wherein if an analog device is used, an Analog to Digital (A-to-D) converter must be employed to interface the said device with the computing device 500. The sensors may be subject to a plurality of deviations that limit sensor accuracy. The sensors sub-module 563 may comprise a plurality of embodiments, such as, but not limited to, chemical sensors, automotive sensors, acoustic/sound/vibration sensors, electric current/electric potential/magnetic/radio sensors, environmental/weather/moisture/humidity sensors, flow/fluid velocity sensors, ionizing radiation/particle sensors, navigation sensors, position/angle/displacement/distance/speed/acceleration sensors, imaging/optical/light sensors, pressure sensors, force/density/level sensors, thermal/temperature sensors, and proximity/presence sensors. It should be understood by a person having ordinary skill in the art that the ensuing are non-limiting examples of the aforementioned sensors:

(280) Chemical sensors, such as, but not limited to, breathalyzer, carbon dioxide sensor, carbon monoxide/smoke detector, catalytic bead sensor, chemical field-effect transistor, chemiresistor, electrochemical gas sensor, electronic nose, electrolyte-insulator-semiconductor sensor, energy-dispersive X-ray spectroscopy, fluorescent chloride sensors, holographic sensor, hydrocarbon dew point analyzer, hydrogen sensor, hydrogen sulfide sensor, infrared point sensor, ion-selective electrode, nondispersive infrared sensor, microwave chemistry sensor, nitrogen oxide sensor, olfactometer, optode, oxygen sensor, ozone monitor, pellistor, pH glass electrode, potentiometric sensor, redox electrode, zinc oxide nanorod sensor, and biosensors (such as nano-sensors).

(281) Automotive sensors, such as, but not limited to, air flow meter/mass airflow sensor, air-fuel ratio meter, AFR sensor, blind spot monitor, engine coolant/exhaust gas/cylinder head/transmission fluid temperature sensor, hall effect sensor, wheel/automatic transmission/turbine/vehicle speed sensor, airbag sensors, brake fluid/engine crankcase/fuel/oil/tire pressure sensor, camshaft/crankshaft/throttle position sensor, fuel/oil level sensor, knock sensor, light sensor, MAP sensor, oxygen sensor (o2), parking sensor, radar sensor, torque sensor, variable reluctance sensor, and water-in-fuel sensor. Acoustic, sound and vibration sensors, such as, but not limited to, microphone, lace sensor (guitar pickup), seismometer, sound locator, geophone, and hydrophone. Electric current, electric potential, magnetic, and radio sensors, such as, but not limited to, current sensor, Daly detector, electroscope, electron multiplier, faraday cup, galvanometer, hall effect sensor, hall probe, magnetic anomaly detector, magnetometer, magnetoresistance, MEMS magnetic field sensor, metal detector, planar hall sensor, radio direction finder, and voltage detector. Environmental, weather, moisture, and humidity sensors, such as, but not limited to, actinometer, air pollution sensor, bedwetting alarm, ceilometer, dew warning, electrochemical gas sensor, fish counter, frequency domain sensor, gas detector, hook gauge evaporimeter, humistor, hygrometer, leaf sensor, lysimeter, pyranometer, pyrgeometer, psychrometer, rain gauge, rain sensor, seismometers, SNOTEL, snow gauge, soil moisture sensor, stream gauge, and tide gauge. Flow and fluid velocity sensors, such as, but not limited to, air flow meter, anemometer, flow sensor, gas meter, mass flow sensor, and water meter. Ionizing radiation and particle sensors, such as, but not limited to, cloud chamber, Geiger counter, Geiger-Muller tube, ionization chamber, neutron detection, proportional counter, scintillation counter, semiconductor detector, and thermos-luminescent dosimeter. Navigation sensors, such as, but not limited to, air speed indicator, altimeter, attitude indicator, depth gauge, fluxgate compass, gyroscope, inertial navigation system, inertial reference unit, magnetic compass, MHD sensor, ring laser gyroscope, turn coordinator, variometer, vibrating structure gyroscope, and yaw rate sensor. Position, angle, displacement, distance, speed, and acceleration sensors, such as, but not limited to, accelerometer, displacement sensor, flex sensor, free fall sensor, gravimeter, impact sensor, laser rangefinder, LIDAR, odometer, photoelectric sensor, position sensor such as, but not limited to, GPS or Glonass, angular rate sensor, shock detector, ultrasonic sensor, tilt sensor, tachometer, ultra-wideband radar, variable reluctance sensor, and velocity receiver. Imaging, optical and light sensors, such as, but not limited to, CMOS sensor, LiDAR, multi-spectral light sensor, colorimeter, contact image sensor, electro-optical sensor, infra-red sensor, kinetic inductance detector, LED as light sensor, light-addressable potentiometric sensor, Nichols radiometer, fiber-optic sensors, optical position sensor, thermopile laser sensor, photodetector, photodiode, photomultiplier tubes, phototransistor, photoelectric sensor, photoionization detector, photomultiplier, photoresistor, photo-switch, phototube, scintillometer, Shack-Hartmann, single-photon avalanche diode, superconducting nanowire single-photon detector, transition edge sensor, visible light photon counter, and wavefront sensor. Pressure sensors, such as, but not limited to, barograph, barometer, boost gauge, bourdon gauge, hot filament ionization gauge, ionization gauge, McLeod gauge, Oscillating U-tube, permanent downhole gauge, piezometer, Pirani gauge, pressure sensor, pressure gauge, tactile sensor, and time pressure gauge. Force, Density, and Level sensors, such as, but not limited to, bhangmeter, hydrometer, force gauge or force sensor, level sensor, load cell, magnetic level or nuclear density sensor or strain gauge, piezo capacitive pressure sensor, piezoelectric sensor, torque sensor, and viscometer. Thermal and temperature sensors, such as, but not limited to, bolometer, bimetallic strip, calorimeter, exhaust gas temperature gauge, flame detection/pyrometer, Gardon gauge, Golay cell, heat flux sensor, microbolometer, microwave radiometer, net radiometer, infrared/quartz/resistance thermometer, silicon bandgap temperature sensor, thermistor, and thermocouple. Proximity and presence sensors, such as, but not limited to, alarm sensor, doppler radar, motion detector, occupancy sensor, proximity sensor, passive infrared sensor, reed switch, stud finder, triangulation sensor, touch switch, and wired glove.

(282) Consistent with the embodiments of the present disclosure, the aforementioned computing device 500 may employ the peripherals sub-module 562 as a subset of the I/O 560. The peripheral sub-module 565 comprises ancillary devices used to put information into and get information out of the computing device 500. There are 3 categories of devices comprising the peripheral sub-module 565, which exist based on their relationship with the computing device 500, input devices, output devices, and input/output devices. Input devices send at least one of data and instructions to the computing device 500. Input devices can be categorized based on, but not limited to: Modality of input, such as, but not limited to, mechanical motion, audio, visual, and tactile. Whether the input is discrete, such as but not limited to, pressing a key, or continuous such as, but not limited to position of a mouse. The number of degrees of freedom involved, such as, but not limited to, two-dimensional mice vs three-dimensional mice used for Computer-Aided Design (CAD) applications.

(283) Output devices provide output from the computing device 500. Output devices convert electronically generated information into a form that can be presented to humans. Input/output devices that perform both input and output functions. It should be understood by a person having ordinary skill in the art that the ensuing are non-limiting embodiments of the aforementioned peripheral sub-module 565: Input Devices Human Interface Devices (HID), such as, but not limited to, pointing device (e.g., mouse, touchpad, joystick, touchscreen, game controller/gamepad, remote, light pen, light gun, Wii remote, jog dial, shuttle, and knob), keyboard, graphics tablet, digital pen, gesture recognition devices, magnetic ink character recognition, Sip-and-Puff (SNP) device, and Language Acquisition Device (LAD). High degree of freedom devices, that require up to six degrees of freedom such as, but not limited to, camera gimbals, Cave Automatic Virtual Environment (CAVE), and virtual reality systems. Video Input devices are used to digitize images or video from the outside world into the computing device 500. The information can be stored in a multitude of formats depending on the user's requirement. Examples of types of video input devices include, but not limited to, digital camera, digital camcorder, portable media player, webcam, Microsoft Kinect, image scanner, fingerprint scanner, barcode reader, 3D scanner, laser rangefinder, eye gaze tracker, computed tomography, magnetic resonance imaging, positron emission tomography, medical ultrasonography, TV tuner, and iris scanner. Audio input devices are used to capture sound. In some cases, an audio output device can be used as an input device, in order to capture produced sound. Audio input devices allow a user to send audio signals to the computing device 500 for at least one of processing, recording, and carrying out commands. Devices such as microphones allow users to speak to the computer in order to record a voice message or navigate software. Aside from recording, audio input devices are also used with speech recognition software. Examples of types of audio input devices include, but not limited to microphone, Musical Instrument Digital Interface (MIDI) devices such as, but not limited to a keyboard, and headset. Data Acquisition (DAQ) devices convert at least one of analog signals and physical parameters to digital values for processing by the computing device 500. Examples of DAQ devices may include, but not limited to, Analog to Digital Converter (ADC), data logger, signal conditioning circuitry, multiplexer, and Time to Digital Converter (TDC).

(284) Output Devices may further comprise, but not be limited to: Display devices, which convert electrical information into visual form, such as, but not limited to, monitor, TV, projector, and Computer Output Microfilm (COM). Display devices can use a plurality of underlying technologies, such as, but not limited to, Cathode-Ray Tube (CRT), Thin-Film Transistor (TFT), Liquid Crystal Display (LCD), Organic Light-Emitting Diode (OLED), MicroLED, E Ink Display (ePaper) and Refreshable Braille Display (Braille Terminal).

(285) Printers, such as, but not limited to, inkjet printers, laser printers, 3D printers, solid ink printers and plotters. Audio and Video (AV) devices, such as, but not limited to, speakers, headphones, amplifiers and lights, which include lamps, strobes, DJ lighting, stage lighting, architectural lighting, special effect lighting, and lasers. Other devices such as Digital to Analog Converter (DAC)

(286) Input/Output Devices may further comprise, but not be limited to, touchscreens, networking device (e.g., devices disclosed in network 562 sub-module), data storage device (non-volatile storage 561), facsimile (FAX), and graphics/sound cards.

(287) In one embodiment, Public Key homomorphic encryption is provided.

(288) FIG. 12 illustrates flowcharts of a process of Public Key generation in PK(.sub.p) and PK() consistent with the present disclosure.

(289) Referring to FIG. 12, we have established symmetric matrix-based homomorphic encryption scheme denoted as for reference. Next public key (i.e., asymmetric) is designed for public key version of this scheme denoted it as PK. The instructions corresponding to the processes depicted in FIGS. 12-17 may be executed by the User Computing Entity NODE 101 depicted in FIG. 10.

(290) The security of the disclosed scheme for both Symmetric and Asymmetric levels is grounded in the hardness of the conjugacy problemone of the three fundamental problems in combinatorial group theory, alongside the word problem and the isomorphism problem. Specifically, for a given group G and elements x, yG establish whether x and y are conjugate in G, if they are, the task is to find at least one zG such that z.sup.1xz=y (with such z being referred to as a conjugator).

(291) The security of our scheme relies not only on the hardness of the conjugacy problem in matrices over a residue ring of RSA-like type modulus, but also, more importantly, on the assumption of conjugator indistinguishability. This assumption prevents an attacker from extracting the secret key from a set of random conjugators for given 2 elements of group G.

(292) Informally, we will do the following. First, we choose two random secret keys of the scheme , say, (S, S.sup.1) and (K, K.sup.1), where S and K belong to ring of ll (e.g., 22)-matrix M.sub.2(.sub.m) over residue ring .sub.m with modulus m=pq, where p, q are primes.

(293) We do the same for a floating-point version over field of real numbers say denote both versions as (.sub.m) for integers modulo m and floating-point version as ().

(294) We stress that our public key version works in a new algebraic structure, namely, matrix ring of 22-matrices over non-commutative ring of 22-matrices over residue ring, i.e., M.sub.2(M.sub.2(.sub.m)). This means that we will need a new mathematical technique, for example, noncommutative determinant and inverse matrix.

(295) Let M be 22-matrix over M.sub.2(.sub.m) or M.sub.2(),

(296) $M=\left(\begin{array}{cc}A& B\\ C& D\end{array}\right).$
First, we compute Cayley determinant matrix M, namely, .sub.0=ADBC. As .sub.0 is 22-matrix over .sub.m or , we can compute usual determinant of matrix .sub.0 as follows:
det(M)=det(ADBC)=c.sub.0c.sub.3c.sub.1c.sub.2 where

(297) $\mathrm{AD}-\mathrm{BC}=\left(\begin{array}{cc}{c}_0& c_1\\ c_2& c_3\end{array}\right),$
c.sub.i.sub.m or for i=0,1,2,3.

(298) We select (K, K.sup.1) as master key and use it as encryption key to encrypt all eight elements of matrices S and S.sup.1 within symmetric encryption scheme Z for both versions. We will obtain two ciphertexts P.sub.1=Enc.sub.K(S) and P.sub.2=Enc.sub.K(S.sup.1), which both form public key of PK(.sub.m) and PK(): pk=(P.sub.1, P.sub.2), secret key is sk=((S, S.sup.1), (K, K.sup.1)).

(299) FIG. 13 illustrates flowcharts of a process of generation of Envelop matrix for PK(.sub.m) and PK() consistent with the present disclosure.

(300) Referring to FIG. 13, we describe computation of public key in detail.

(301) Let

(302) $S=\left(\begin{array}{cc}{s}_{1,0}& s_{1,1}\\ s_{1,2}& s_{1,3}\end{array}\right),$

(303) $S^{-1}=\left(\begin{array}{cc}{s}_{2,0}& s_{2,1}\\ s_{2,2}& s_{2,3}\end{array}\right).$

(304) Then,

(305) 0$P_{\mathrm{ij}}={\mathrm{Enc}}_K\left(S_{i,j}\right)=K^{-1}\left(\begin{array}{cc}{}_{i,j}& 0\\ {}_{i,j}& s_{i,j}\end{array}\right)K,$ where .sub.i,j, .sub.i,j chosen at random for all i=1,2 and j=0,1,2,3. So, we have public key pk=(P.sub.1, P.sub.2), where

(306) $P_1=\left(\begin{array}{cc}{P}_{1,0}& P_{1,1}\\ P_{1,2}& P_{1,3}\end{array}\right)\mathrm{and}{P}_2=\left(\begin{array}{cc}{P}_{2,0}& P_{2,1}\\ P_{2,2}& P_{2,3}\end{array}\right).$

(307) Secret key is
sk=((S,S.sup.1),(K,K.sup.1)), where (S, S.sup.1) we will call as private key, and (K, K.sup.1) as master key for scheme PK(.sub.m) and PK().

(308) To present encryption algorithm in public key versions of , we first have to embed plaintext x.sub.m or x into corresponding envelop matrices.

(309) FIGS. 14 and 15 illustrates a flowchart of a Public Key encryption algorithm for PK(.sub.m) and a Public Key Encryption algorithm for PK() consistent with the present disclosure consistent with the present disclosure.

(310) Referring to FIGS. 14-15, to enhance the robustness of the cryptosystem, we propose an algorithm whose main purpose is to strengthen the ciphertext by making it the product of two ciphertexts. This is because the resulting structure changes in such a way that computing the inverse matrix does not lead to the disclosure of the envelop matrix:
Enc.sub.pk(x)=Enc.sub.pk(r).Math.Enc.sub.pk(x.Math.r.sup.1modm).

(311) For floating-points formula will be the same without modular reduction.

(312) Now we can to describe encryption algorithm in schemes PK(.sub.m) and PK().

(313) Given plaintext x from .sub.m or we first embedding x into envelop matrix V(x) and then multiply V(x) by P.sub.1 and P.sub.2 from public key as follows:

(314) ${\mathrm{Enc}}_{pk}^{\left(0\right)}\left(x\right)=P_{2}V\left(x\right)P_1=C_0\left(x\right)$
is called initial ciphertext of plaintext x by pk and such encryption is called initial encryption.

(315) The final encryption performing as follows.

(316) First is needed to choose random invertible r.sub.m or r and calculate r.sup.1, then calculate r.sup.1.Math.x.

(317) Then form envelop matrices V(r) and V(r.sup.1x) and compute initial ciphertexts

(318) ${\mathrm{Enc}}_{pk}^{\left(0\right)}\left(r\right)=P_{2}V\left(r\right)P_I\mathrm{and}{\mathrm{Enc}}_{pk}^{\left(0\right)}\left(r^{-1}x\right)=P_{2}V\left(r^{-1}x\right)P_1.$

(319) Because initial encryption inherits homomorphic properties from basic symmetric scheme, then multiplication our two initial ciphertexts will be some encryption of plaintext x which we will call final encryption or simply encryption of plaintext x and denote this ciphertext as C(x)=Enc.sub.pk(x).

(320) FIGS. 16 and 17 illustrates a flowchart of Decryption Dec.sub.sk(PK(.sub.m)) and Decryption Dec.sub.sk(PK()) consistent with the present disclosure.

(321) Referring to FIGS. 16 and 17, the decryption algorithm Dec.sub.sk takes as inputs ciphertext C(x) and secret key sk=((S, S.sup.1), (K, K.sup.1)) and outputs plaintext x.sub.m.

(322) The decryption is performed in several steps as follows.

(323) First, ciphertext C(x) is presented as 22 block matrix:

(324) $C\left(x\right)=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right),$
where

(325) C.sub.iM.sub.2(.sub.m), i=0,1,2,3, (i.e., C.sub.i are 22-matrices over .sub.m).

(326) For PK() we have C.sub.iM.sub.2(), i=0,1,2,3.

(327) Second, using master key (K, K.sup.1) we can decrypt C.sub.i, i=0,1,2,3 as follows:
KC.sub.iK.sup.1=T.sub.i,i=0,1,2,3.

(328) Third, we denote matrix T as follows:

(329) $T=\left(\begin{array}{cc}{T}_0& T_1\\ T_2& T_3\end{array}\right).$

(330) Forth, each T.sub.i from T represent as

(331) $T_i=\left(\begin{array}{cc}{T}_{i,0}& T_{i,1}\\ T_{i,2}& T_{i,3}\end{array}\right),i=0,1,2,3.$

(332) Fifth, select from each T.sub.i element T.sub.i,3.sub.m, =0,1,2,3 and form matrix Z, as follows:

(333) $Z=\left(\begin{array}{cc}{T}_{0,3}& T_{1,3}\\ T_{2,3}& T_{3,3}\end{array}\right).$

(334) The same we doing for PK().

(335) Sixth, then compute using private key (S, S.sup.1) matrix Was follows:

(336) $W=SZ{S}^{-1}=\left(\begin{array}{cc}{w}_0& w_1\\ w_2& w_3\end{array}\right).$

(337) Seventh, finally, extracting from matrix W element w.sub.3 we get w.sub.3=x for both versions.

(338) Homomorphic operations may be implemented as follows using the Public Key scheme disclosed herein.

(339) Addition/subtraction (PK(.sub.m), PK().

(340) Let

(341) $C\left(a\right)=\left(\begin{array}{cc}{C}_0& C_1\\ C_2& C_3\end{array}\right),C\left(b\right)=\left(\begin{array}{cc}{C}_0^{}& C_1^{}\\ C_2^{}& C_3^{}\end{array}\right),$
where C.sub.i, C.sub.i, i=0,1,2,3 are 22 matrices over .sub.m or , a and b are plaintexts, a, b.sub.m or a, bR.

(342) Then, C(a)C(b)=C(ab), since C.sub.i, C.sub.i, i=0,1,2,3, are ciphertexts of basic symmetric scheme which homomorphic properties were established in core Patent.

(343) Thus, we have

(344) 0$C\left(a\right)C\left(b\right)=\left(\begin{array}{cc}{C}_0{C}_0^{}& C_1{C}_1^{}\\ C_2{C}_2^{}& C_3{C}_3^{}\end{array}\right)=C\left(ab\right).$

(345) Multiplication ((.sub.m), ())

(346) Let for C(a) and C(b) we use notation above. To compute C(a).Math.C(b) it is needed to multiply block-wise elements of C(a) and C(b). Specifically, we have:

(347) $C\left(a\right).Math.C\left(b\right)=\left(\begin{array}{cc}{D}_0& D_1\\ D_2& D_3\end{array}\right),$
where D.sub.0=C.sub.0C+C.sub.1C,D.sub.1=C.sub.0C.sub.1+C.sub.1C.sub.3,
D.sub.2=C.sub.2C.sub.0+C.sub.3C.sub.2,D.sub.3=C.sub.2C.sub.1+C.sub.3C.sub.3.

(348) Again, since for ciphertexts of symmetric scheme homomorphic properties were established in core Patent we obtain
C(a).Math.C(b)=C(ab).

(349) Division ((.sub.m), ())

(350) To compute

(351) $\frac{C\left(a\right)}{C\left(b\right)}$
we use above notation and will compute C(a).Math.[C(b)].sup.1. But how to compute inverse matrix for 22 matrix over matrix ring M.sub.2(.sub.m) or M.sub.2()?

(352) First, we have 22 matrices over noncommutative rings M.sub.2(.sub.m) and M.sub.2 ().

(353) Let matrix C(b) has the form

(354) $C\left(b\right)=\left(\begin{array}{cc}A& B\\ C& D\end{array}\right),$
where A,B,C,D are 22 matrices over or .sub.m or . Thus, using Schur complement, we have:

(355) ${\left[C\left(b\right)\right]}^{-1}=\left(\begin{array}{cc}{U}_0& U_1\\ U_2& U_3\end{array}\right),$
where
U.sub.0=(ABD.sup.1C).sup.1,U.sub.1=(ABD.sup.1C).sup.1BD.sup.1,
U.sub.2=D.sup.1C(ABD.sup.1C).sup.1,U.sub.3=D.sup.1+D.sup.1C(ABD.sup.1C).sup.1BD.sup.1.

(356) As evident from its construction, the disclosed public key homomorphic encryption scheme inherits all the homomorphic properties established for symmetric version in core Patent. Therefore, public key homomorphic encryption scheme supports all arithmetic operations such as: multiplication, subtraction, division, addition and homomorphic equality with homomorphic comparison. Also, public key homomorphic encryption scheme inherits the same capability regarding homomorphic hashing mechanism and homomorphic index.

(357) All rights including copyrights in the code included herein are vested in and the property of the Applicant. The Applicant retains and reserves all rights in the code included herein, and grants permission to reproduce the material only in connection with reproduction of the granted patent and for no other purpose.

(358) While the specification includes examples, the disclosure's scope is indicated by the following claims. Furthermore, while the specification has been described in language specific to structural features and/or methodological acts, the claims are not limited to the features or acts described above. Rather, the specific features and acts described above are disclosed as examples for embodiments of the disclosure.

(359) Insofar as the description above and the accompanying drawing disclose any additional subject matter that is not within the scope of the claims below, the disclosures are not dedicated to the public and the right to file one or more applications to claims such additional disclosures is reserved.