CN116888921A - Privacy enhanced computing via quarantine encryption - Google Patents


Publication number
CN116888921A
Authority
CN
China
Prior art keywords
data
secret
encrypted
secret data
block
Prior art date
Legal status
Pending
Application number
CN202180093277.1A
Other languages
Chinese (zh)
Inventor
T·M·奥斯汀
V·伯塔科
A·吉西尔
Current Assignee
Agita Laboratories
Original Assignee
Agita Laboratories
Application filed by Agita Laboratories
Priority claimed from PCT/US2021/063947 (WO2022133165A1)
Publication of CN116888921A

Abstract

The system includes electronic circuitry that performs operations on encrypted data. The electronic circuit includes an electronic circuit element electrically coupled to receive an encrypted first block of secret data including a first data identifier and to decrypt the encrypted first block of secret data. The electronic circuit further includes an electronic circuit element electrically coupled to combine the data identifier and the operation identifier of the operation to be performed to generate an intermediate value; to apply a one-way hash function to the intermediate value to generate a second data identifier; and to encrypt the second data identifier for output.

Description

Privacy enhanced computing via quarantine encryption
Cross Reference to Related Applications
This patent application claims priority from U.S. provisional patent application Ser. No. 63/127,183, filed on 18/12/2020, and U.S. provisional patent application Ser. No. 63/221,594, filed on 14/7/2021, the disclosures of each of which are incorporated herein by reference in their entirety.
Background
With the development of cloud computing and the internet of things (IoT), data security is becoming increasingly important. The cloud service provider may access personal information of the user. IoT devices are installed in our homes, our cars, and our workplaces. The ubiquitous software in cloud and internet based systems may be hacked. Bad actors continually develop new software penetration methods, leaving room for improvement in protection against known attacks. Software hacks may be used to obtain data and/or to disrupt the operation of hacked systems. Furthermore, our data may be vulnerable to side-channel attack(s), where an attacker measures the difference in behavior of algorithms that respond to different input data.
Drawings
FIG. 1 is a block diagram of an example system for a cloud-based service including electronic circuitry with quarantine encryption.
FIG. 2 is a block diagram illustrating an example server including electronic circuitry with isolated encryption.
FIG. 3 is a flow chart of an example process of an adder including processing of data and data identifiers.
FIG. 4 is a flow chart of an example process for configuring an electronic circuit with isolated encryption.
FIG. 5 is a flow chart of an example process for performing operations on data within an electronic circuit with quarantine encryption.
FIG. 6 is a flowchart of an example process for verifying a sequence of operations performed on data.
Detailed Description
Disclosed herein is a system for processing data within an electronic circuit that operates on secret data using only hardware, and interfaces of the electronic circuit with other devices do not allow access to unencrypted secret data or data keys. The electronic circuit does not use or include any software and is therefore not vulnerable to software hacking. Furthermore, operations performed on secret data within the electronic circuit have a delay independent of the secret they are processing, do not use shared memory resources for the secret data, and make decisions in a control-independent manner to protect the secret data from side-channel attacks. As used herein, delay is the amount of time required to perform an operation. In an example, the system may further include a data identifier that allows for validation of the integrity and authenticity of results from the sequence of operations performed on the secret data. In this way, the user can perform a sequence of operations on the encrypted secret data in hardware without disclosing the secret data in unencrypted form.
The system disclosed herein includes electronic circuitry that performs operations on encrypted data. The electronic circuit includes electronic circuit elements electrically coupled to: receiving an encrypted first secret data block comprising a first data identifier; decrypting the encrypted first secret data block; combining the data identifier and an operation identifier of an operation to be performed to generate an intermediate value; applying a one-way hash function to the intermediate value to generate a second data identifier; and encrypting the second data identifier for output.
In the system, the encrypted first secret data block may further include first secret data. The electronic circuit may be further electrically coupled to: after decrypting the encrypted first secret data block, performing an operation on the first secret data to generate second secret data; encrypting the second secret data with the second data identifier to generate an encrypted second secret data block; and outputting the encrypted second secret data block.
In the system, the first secret data may be secret source data from a user who provides secret data to an operation to be performed; and the first data identifier may be a secret source data identifier from a user providing secret data to the operation to be performed.
In the system, in the sequence of operations, the encrypted first block of secret data may be an encrypted second block of secret data from a previous operation of the electronic circuit.
In the system, the electronic circuit may be further electrically coupled to: receiving one or more additional encrypted first secret data blocks, each additional encrypted first secret data block comprising corresponding additional first secret data and corresponding additional first data identifiers; generating second secret data by performing the operation further based on the one or more respective additional first secret data; and generating a second data identifier based further on each respective additional first data identifier.
In the system, the electronic circuit may be further electrically coupled to: receiving one or more non-secret data; generating second secret data by performing operations further based on the one or more non-secret data; and generating a second data identifier further based on the one or more non-secret data.
In the system, the electronic circuit may be further electrically coupled to: receiving a second data identifier from a previous operation in a sequence of operations; decrypting a second data identifier from the operation; comparing the decrypted second data identifier from the operation with the decrypted expected second data identifier from the operation; and outputting the decrypted second secret data from the operation when the decrypted second data identifier matches the decrypted expected second data identifier from the operation.
In the system, the electronic circuit may receive the encrypted expected second data identifier as input from the user.
In the system, the encrypted expected second data identifier may be determined based on an expected sequence of operations to be performed by the electronic circuit.
In the system, the encrypted first secret data block may include a Boolean first secret data value, and the electronic circuit may be further electrically coupled to: receiving true_val, wherein true_val is a first secret data block comprising a secret true value and a first computational data identifier associated with the true value; receiving false_val, wherein false_val is a first secret data block comprising a secret false value and a first calculation identifier associated with the false value; performing conditional move operations with semantics: "results=encrypt (decrypt (input Boolean value).
In the system, the electronic circuit may be further electrically coupled to: calculating, for each operation, an encrypted second secret data block based on an operand of the operation and an identifier of the operation, for the sequence of operations; wherein the operand may be the first secret data and non-secret data; and providing the encrypted second secret data block of the final operation of the sequence of operations to the user; wherein: the encrypted first secret data for the initial operation includes an encrypted secret source identifier from the user; and each encrypted first secret data for a subsequent operation is encrypted second secret data from a corresponding previous operation.
The system may further include a computer including a processor and a memory, the memory including instructions that cause the processor to be programmed to: receiving an encrypted second block of secret data from the electronic circuit from the final operation; decrypting a second data identifier from an encrypted second block of secret data from the final operation; comparing the decrypted second data identifier from the final operation with an expected second data identifier from the final operation; and outputting the result of the comparison to a user.
The system may further include a computer including a processor and a memory, the memory including instructions that cause the processor to be programmed to: transmitting the encrypted first secret data block to the electronic circuit; transmitting an operation to be performed to the electronic circuit; receiving an encrypted second block of secret data from the electronic circuit; and providing the encrypted second secret data block to the user or to a second computer operated by the user.
In the system, the encrypted first block of secret data may be based on the encryption of the first secret data value and the first tuple of the first data identifier.
In the system, the encrypted second secret data value may be based on the second secret data value and an encryption of a second tuple of the second data identifier.
In this system, encryption may be based on a high entropy encryption algorithm, where each encryption of the same plaintext value results in a different encryption value that is randomly selected.
In the system, the first encrypted block of secret data and the second encrypted block of secret data may be encrypted based on a symmetric encryption algorithm.
In the system, the electronic circuit may include an interface that prevents a computing device external to the electronic circuit from accessing unencrypted data including the data key, the first secret data, and the second secret data.
In the system, the electronic circuit may be further electrically coupled to output a second block of secret data.
The method disclosed herein comprises: receiving, by the electronic circuit, an encrypted first block of secret data comprising the first secret data and a first data identifier; decrypting the encrypted first secret data block; generating an intermediate value based on the first data identifier and an operation identifier of an operation to be performed; applying a one-way hash function to the intermediate value to generate a second data identifier; performing an operation to be performed on the first secret data to generate second secret data; encrypting the second data identifier with the second secret data to generate a second secret data block; and outputting the second secret data block to a computer.
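A software model of the method summarized above, added here as an illustration and not taken from the patent: it chains data identifiers through a one-way hash, re-encrypts each (value, identifier) tuple under a fresh salt, and lets the user check the final identifier against the one expected for the intended operation sequence. The SHA-256 keystream cipher with an HMAC tag is a standard-library stand-in for the salted symmetric cipher the page describes; the operation identifier values, the 32-byte identifier width and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Operation identifier values are constructed for this example; the page does not list them.
OP_IDS = {"add_enc": 1, "mul_enc": 2}
ID_LEN = 32  # assumed identifier width (one SHA-256 digest)


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, salt, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + salt + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]


def encrypt_block(key, value, data_id):
    """Encrypt the (secret value, data identifier) tuple under a fresh random salt."""
    salt = secrets.token_bytes(16)  # makes every encryption of the same tuple differ
    plain = struct.pack(">q", value) + data_id
    stream = _keystream(_subkey(key, b"enc"), salt, len(plain))
    ct = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def decrypt_block(key, block):
    """Return (secret value, data identifier); reject blocks not made under this key."""
    salt, ct, tag = block[:16], block[16:-32], block[-32:]
    good = hmac.new(_subkey(key, b"mac"), salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("block was not encrypted under this data key")
    stream = _keystream(_subkey(key, b"enc"), salt, len(ct))
    plain = bytes(c ^ s for c, s in zip(ct, stream))
    return struct.unpack(">q", plain[:8])[0], plain[8:]


def next_data_id(op, input_ids, public_operands=()):
    """Fingerprint unit: one-way hash over the operation id, input ids and public operands."""
    h = hashlib.sha256(struct.pack(">III", OP_IDS[op], len(input_ids), len(public_operands)))
    for data_id in input_ids:
        h.update(data_id)
    for p in public_operands:
        h.update(struct.pack(">q", p))
    return h.digest()


class CircuitModel:
    """Software model of electronic circuit 130: plaintext exists only inside execute()."""

    def __init__(self, data_key):
        self._key = data_key

    def execute(self, op, blocks, public_operands=()):
        values, ids = zip(*(decrypt_block(self._key, b) for b in blocks))
        operands = list(values) + list(public_operands)
        result = operands[0]
        for x in operands[1:]:
            result = result + x if op == "add_enc" else result * x
        result = (result + 2**63) % 2**64 - 2**63  # wrap to a signed 64-bit word
        return encrypt_block(self._key, result, next_data_id(op, ids, public_operands))


def source_block(key, value):
    """User side: pair secret source data with a random secret source identifier."""
    data_id = secrets.token_bytes(ID_LEN)
    return encrypt_block(key, value, data_id), data_id


def run_program(circuit, program, blocks):
    """Host side (processor 122): sees only ciphertext and operation names."""
    regs = dict(blocks)
    for dest, op, srcs, public in program:
        regs[dest] = circuit.execute(op, [regs[s] for s in srcs], public)
    return regs[program[-1][0]]


def expected_id(program, source_ids):
    """User side: replay the intended sequence on identifiers only."""
    ids = dict(source_ids)
    for dest, op, srcs, public in program:
        ids[dest] = next_data_id(op, [ids[s] for s in srcs], public)
    return ids[program[-1][0]]


def demo():
    key = secrets.token_bytes(32)
    circuit = CircuitModel(key)
    # Constructed sample secrets: a = 6, b = 7; intended program is r = (a + b) * 3.
    (a_blk, a_id), (b_blk, b_id) = source_block(key, 6), source_block(key, 7)
    blocks = {"a": a_blk, "b": b_blk}
    program = [("t", "add_enc", ("a", "b"), ()), ("r", "mul_enc", ("t",), (3,))]
    want = expected_id(program, {"a": a_id, "b": b_id})
    value, got = decrypt_block(key, run_program(circuit, program, blocks))
    # A host that runs mul_enc where add_enc was requested yields a different identifier.
    deviated = [("t", "mul_enc", ("a", "b"), ())] + program[1:]
    _, other = decrypt_block(key, run_program(circuit, deviated, blocks))
    return value, hmac.compare_digest(got, want), hmac.compare_digest(other, want)
```

Because the identifier depends only on the source identifiers, the operation identifiers and the public operands, the user can compute the expected value without knowing any intermediate secret data.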
Fig. 1 illustrates an example system 100 for providing a user with access to a cloud-based service to perform operations on secret data by way of an electronic circuit 130 with quarantine encryption. In a non-limiting example, the electronic circuit 130 is included in a server 106 configured for cloud computing services. Other configurations are also possible. For example, the electronic circuit 130 may be included in a mobile or personal computing device such as a laptop computer, desktop computer, tablet computer, mobile phone, or the like. The electronic circuitry 130 is electrically coupled to perform operations based solely on hardware and the electrical coupling. Herein, "having isolated encryption" means that the electronic circuit 130 has an interface that prevents a computing device external to the electronic circuit 130 from accessing the unencrypted secret data (i.e., any secret operands or secret calculation results) and the unencrypted data key. Performing the sequence of operations by the electronic circuit 130 based solely on hardware and electrical coupling means herein that the operations are performed based on coupling of electronic components within the electronic circuit, without using program code stored in memory. No operations on the electronic circuitry 130 are performed as computer readable instructions (i.e., software).
As described in detail below, the electronic circuit 130 includes a plurality of sub-circuits dedicated to performing particular operations. Each sub-circuit is a set of electronic circuit elements electrically coupled to perform a corresponding particular operation. A sequence of operations herein means one or more operations arranged to be performed sequentially, i.e. one after the other, wherein each of the operations corresponds to one of the operations to which the electronic circuit 130 is electrically coupled to perform.
The system 100 includes a user device 102 in communication with a server 106 via a network 104. By "communication" is meant herein that digital data and commands are exchanged.
User device 102 is a computing device that provides users with access to network communications, data processing, electronic commerce, and the like. Non-limiting examples of user devices 102 include mobile phones, laptops, storage devices, and tablet computing devices. For ease of discussion, the system 100 will be described as having one user device 102. However, the system 100 may include many (e.g., hundreds or thousands) of user devices 102.
The user device 102 includes a computer 110, the computer 110 including a processor and a memory. The computer 110 is programmed to communicate with the network 104. As described in more detail below, computer 110 is programmed to encrypt a user data key with a server public key and send the encrypted user data key to server 106. The computer 110 is further programmed to encrypt the secret data with the user's data key and send the encrypted secret data to the server 106. The computer 110 is further programmed to send a sequence of operations to be performed on the secret data by the server 106.
Network 104 represents one or more mechanisms by which user device 102 may communicate with server 106. Thus, the network 104 may be one or more of a variety of wired or wireless communication mechanisms, including any desired combination of wired (e.g., cable and fiber optic) and/or wireless (e.g., cellular, wireless, satellite, microwave, and radio frequency) communication mechanisms and any desired network topology (or topologies when multiple communication mechanisms are utilized). Exemplary communication networks include wireless communication networks (e.g., using Bluetooth Low Energy (BLE), IEEE 802.11, vehicle-to-vehicle (V2V) such as Dedicated Short Range Communication (DSRC), 5G/LTE, etc.), local area networks (LAN), and/or wide area networks (WAN) including the internet, thereby providing data communication services.
The server 106 may be a computing device programmed to provide operations including cloud computing services. The server 106 includes a processor 122, memory 124, and electronic circuitry 130. The processor 122 is programmed, for example, based on instructions stored in the memory 124, for wireless communication with the user device 102 via the network 104. The processor 122 is further programmed to receive a data key encrypted based on a public key associated with the private key and configure the electronic circuit 130 by sending the encrypted data key to the electronic circuit 130. The private key is included in the electronic circuit 130 and may also be associated with a cluster of additional isolated encryption devices, e.g., under control of an organization that provides the user with access to the computation of the encrypted data. In an example, the quarantine encryption device can be included in one or more servers 106 such that the servers 106 can work together on the same secret data set. The private key is protected within the electronic circuit 130 and within other isolated encryption devices from any type of digital communication with the corresponding electronic circuit or other isolated encryption device. The processor 122 is further programmed to receive an operation sequence and secret data from the user device 102, wherein the secret data is encrypted based on the data key. The processor 122 is further programmed to perform each operation by sequentially invoking the electronic circuits 130 to perform a sequence of operations on the encrypted secret data.
Fig. 2 shows the server 106 in more detail. Processor 122 is communicatively coupled to electronic circuitry 130 via a communication interface 210. Communication interface 210 provides digital communication between processor 122 and electronic circuitry 130 and may be any configuration of wired or wireless communication systems and protocols. In a non-limiting example, communication interface 210 may be a single communication bus, such as an AXI or PCI-E. Other non-limiting examples of communication interfaces include custom interconnects, USB ports, or networks. Further, the communication interface may include two or more communication buses. As described below, the communication interface 210 exchanges encrypted data and unencrypted data with the electronic circuit 130. As described in more detail below, the encrypted data exchanged via the communication interface 210 includes data encrypted based on a symmetric encryption algorithm and an asymmetric encryption algorithm.
As part of the configuration process, the communication interface 210 sends Public Key Infrastructure (PKI) encrypted data to the electronic circuit 130. PKI-based encryption is asymmetric encryption that utilizes public and private keys. As a non-limiting example, RSA (Rivest-Shamir-Adleman) and Diffie-Hellman are known protocols for asymmetric encryption using public key/private key pairs. During the configuration process, and as described in more detail below, processor 122 utilizes communication interface 210 to transmit the user data key and optionally a signature, encrypted based on a public key associated with the server private key, to electronic circuit 130.
The communication interface 210 also sends high entropy encrypted secret data to, and receives it from, the electronic circuit 130, wherein the encrypted secret data is based on a high entropy symmetric encryption protocol and a user data key (also referred to herein simply as a "data key"). The symmetric encryption protocol may include an encryption algorithm and a decryption algorithm, characterized in that the key used is the same for both encryption of plaintext and decryption of ciphertext, or the keys used for encryption and decryption are related by a simple transformation. An encryption algorithm is a sequence of operations performed on received plaintext to generate ciphertext. Similarly, a decryption algorithm is a sequence of operations performed on ciphertext to generate plaintext. The operation of both the encryption algorithm and the decryption algorithm is based on parameters included in the data key. As an example, the data key may be a 256-bit key of the AES symmetric cryptographic algorithm. The data key used for symmetric encryption is typically a digital value of 128, 256 or more bits. If a tradeoff between performance and encryption strength is required, a larger data key (more bits) or a smaller data key (fewer bits) may be used. In an example, the symmetric encryption protocol may include a high entropy encryption algorithm. In this case, different encryptions of the same plaintext value yield different encrypted values. Examples of known high entropy protocols include salted encryption, where the value to be encrypted is combined with a large N-bit sequence of true random bits, thus yielding 2^N different representations for each encrypted value. Salted encryption is encryption that mixes random data into encryption to break any correlation between an encrypted value and its associated ciphertext.
The communication interface 210 also transmits the operations or sequence of operations to be performed by the electronic circuit 130 in an unencrypted form.
The electronic circuit 130 includes electronic circuit elements that are electrically coupled to perform operations. An electronic circuit element, as used herein, is a component that performs electrical functions such as passing current, switching voltage, storing charge, generating voltage, etc., and includes, as non-limiting examples: a conductor; an insulator; transistors such as bipolar transistors, MOS transistors, CMOS transistors, and other switchable devices; diodes, capacitors, and inductors. As used herein, electrically coupled means connected such that a voltage level can be transmitted and current can flow between nodes of the respective electronic circuit elements in a manner determined by the coupling.
For ease of understanding, the electronic circuit 130 is described below as comprising the following circuit blocks: a PKI decryption block 202 comprising a signature verification block 204; a private key block 206; a data key register 208; a data decryption block 220; a function block 230 optionally including a plurality of operation units 232 and a fingerprint unit 234; a data encryption block 240; and, a controller 250. These circuit blocks contain electronic circuit elements coupled to perform the functions of the corresponding blocks. The blocks may be distributed in the sense that the circuit elements for the respective blocks may be distributed throughout the electronic circuit 130. The different blocks may also be mutually exclusive in the sense that each block includes dedicated electronic components for performing only the function of the corresponding block, without overlapping use of components between the different blocks. The electronic circuitry 130 may be organized as one or more synchronous machines. A synchronous state machine in this context is an electronic circuit that can only be in a single state at a time and that advances from state to state in synchronization with a clock. In an example, each block may operate individually or collectively as a synchronous state machine.
The electronic circuit 130 may be designed, for example, by describing the operation or set of operations of the electronic circuit 130 based on an instruction set architecture that describes a set of basic operations (e.g., add, sub, mult, cmov) that may provide secret computations for programming languages such as C++, Python, and the like. The circuit operations may be designed, for example, using Verilog as a hardware description language, thereby generating a hardware design that can perform the secret computations required to support program-level secret computations. The Verilog tool may then implement the coupling of a set of electronic circuit elements to perform an operation or set of operations. After the coupling of the electronic circuit elements is achieved by Verilog, the circuit elements are "synthesized" to perform the operations of their coupling. That is, they are electrically coupled to perform the operation or the set of operations. As non-limiting examples, the electronic circuit 130 may be implemented as one or a combination of a Field Programmable Gate Array (FPGA), a custom integrated circuit, an Application Specific Integrated Circuit (ASIC), a Programmable Logic Array (PLA), or an electronic circuit integrated on a substrate.
In an example, a Field Programmable Gate Array (FPGA) containing uncoupled or partially uncoupled electronic circuit elements can be electrically coupled to perform a desired operation or set of operations based on the output of a Verilog program. In some cases, the coupling generated based on the Verilog program may be permanent. In other cases, the coupling may be erasable so that the FPGA can be reused for other applications.
As another example, the output of the Verilog tool may be used to design an ASIC, which is then manufactured according to standard semiconductor manufacturing techniques.
The PKI (public key infrastructure) decryption block 202 receives PKI encrypted configuration data from the processor 122 including the user data key and optionally the digital signature. Separately, the PKI decryption block 202 receives as input from the private key block 206 the value of the private key associated with the server 106, depending on the design of the electronic circuit 130.
The PKI decryption block 202 decrypts the configuration data received from the processor and extracts the user data key and the optional signature from the configuration data. The user data key may be, for example, a random number generated by the user. As used herein, a signature is a well-known value that electronic circuit 130 may look up after decryption to make sure that the decrypted message is valid. The PKI decryption block 202 is electrically coupled to store the user data key in the data key register 208. The PKI decryption block 202 is also electrically coupled to provide a signature to the signature verification block 204, which, as described below, verifies the signature. The PKI decryption block 202 is also electrically coupled to encrypt messages based on the user data key and to send the encrypted messages to the user device 102.
The PKI decryption block 202 receives configuration data that has been encrypted according to a known encryption algorithm based on parameters from a public key provided to the user. The PKI decryption block 202 then decrypts using a known decryption algorithm associated with the encryption algorithm and also based on parameters from the private key associated with the public key.
Optionally, the PKI decryption block 202 may include a signature verification block 204. When available, the signature verification block 204 may verify the received signature. In an example, the signature verification block 204 compares the decrypted signature to an expected value for the decrypted signature. If the decrypted signature matches the expected decrypted signature, the signature verification block 204 determines that the received message (and thus the data key) is valid.
The private key block 206 is electrically coupled to provide the private key value for the electronic circuit 130 to the PKI decryption block 202. In an example, the private key block 206 may be a set of connections, each connection for connecting each bit of the private key to a first high potential, which may typically be a supply voltage for the electronic circuit 130, or to a second low potential, which may typically be a ground (0 V) potential for the electronic circuit 130. The connection may be provided to the PKI decryption block 202 as input data controlling the operation of the PKI decryption block 202. As an example, for a private key comprising 2048 bits, the private key block 206 may provide 2048 connections to the PKI decryption block 202, wherein each connection is connected to a first high potential or a second low potential.
The data key register 208 is a digital data storage circuit electrically coupled to store decrypted user data keys and may be arranged to store as many bits as are required for symmetric encrypted data keys, for example 128 or 256 bits. The data key register 208 receives the user data key from the PKI decryption block 202 during configuration of the electronic circuit 130 for the user. The data key register 208 provides the value of the user data key to other circuit blocks within the electronic circuit 130 including the data decryption block 220 and the data encryption block 240.
The data decryption block 220 is electrically coupled to receive the encrypted secret data block via, for example, the second communication bus 212. The encrypted secret data block includes secret data and may also include a data identifier associated with the secret data. The data identifier herein is a unique digital value associated with the secret data that can be used to confirm the provenance of the secret data. The data identifier reflects the operations that have been performed to generate the secret data but is independent of the value of the secret data with which it is paired. The data identifier may also be referred to herein as a calculated fingerprint.
When an encrypted block of secret data is received, the data decryption block 220 is further electrically coupled to decrypt the encrypted block of secret data and provide (decrypted) secret data to the function block 230. As described above, the data decryption block 220 may execute a decryption algorithm associated with a known encryption protocol, wherein operation of the decryption algorithm is based in part on parameters included in the data key. The data decryption block 220 also provides the (decrypted) data identifier associated with the secret data to the function block 230 when the data identifier is included in the secret data block.
The function block 230 is electrically coupled to perform an operation selected from a set of available operations on one or more first secret data and to generate second secret data. The functional block 230 may be organized to include one or more operation units 232 for performing respective operations on secret data, and further include a fingerprint unit 234 for calculating a data identifier associated with the secret data. Unless otherwise stated, the term first secret data will be used herein to describe secret data input to the function block 230 as an operand of an operation, and the term second secret data will be used herein to describe secret data output from the function block 230 for an operation. Each operation may have one or more first (input) secret data and one or more second (output) secret data. In some cases, for example, when the operation involves an isolated accelerator, there may be many (tens, hundreds, or more) first secret data. The first data identifier and the second data identifier are data identifiers associated with the first secret data and the second secret data, respectively. In a sequence of operations, the second secret data and the second data identifier from an operation may be (and typically are) the first secret data and the first data identifier for a subsequent operation in the sequence.
The functional block 230 may include one or more operation units 232, wherein each operation unit 232 is a separate, dedicated set of electronic components electrically coupled to perform an operation, and further wherein each set of electronic components is mutually exclusive. That is, for example, the first set of electronic components add_enc 232 may be electrically coupled to perform an addition operation, the second set of electronic components mul_enc 232 may be electrically coupled to perform a multiplication operation, and so on.
The available operations may be mathematical operations such as addition, subtraction, etc., and may also include operations such as boolean operations, conditional move, and data authorization, as non-limiting examples. The data authorization operation, which allows selected decrypted secret data to be output to the user, is described below. The functional block 230 is electrically coupled to perform each operation with a delay that is independent of the first secret data it is operating on and also independent of the second secret data generated by the operation. Further, to protect confidentiality of the secret data, the operation cannot publicly declare that a failure has occurred, because the declared failure condition can provide information related to the secret data. Instead, in the case where the operation produces an indeterminate, undefined or invalid result, the second secret data (as encrypted data) output by the operation may include an error code so as to notify the user of the error. Example operations that may be performed by the function block 230 are discussed below.
The operation to be performed is selected from a set of available operations based on an operation identifier received from the processor 122 via the second communication bus 212. For example, the function block 230 may receive an operation identifier that identifies which of the available operations should perform an operation on the first secret data from the processor 122.
As a non-limiting example, a RISC-like set of operations may be implemented by the functional block 230. Table 1 lists example interfaces between the processor 122 and the functional blocks 230 within the electronic circuit 130.
Table 1: example operations of function block 230
Additionally or alternatively, more complex algorithmic functions may be included in function block 230, for example in the form of hardware accelerators.
In an example, the ADD_ENC command is sent to the electronic circuit 130 along with two encrypted secret values, which are then decrypted and added together; the result is then encrypted and returned to the processor 122. SUB_ENC, MUL_ENC, and DIV_ENC perform similar operations for subtraction, multiplication, and division, respectively.
To provide protection against side-channel attacks, operations may be designed to adhere to two constraints: (1) the operations are performed with a delay independent of the secret data, and (2) the operations cannot publicly declare a fault condition. These conditions can be understood by considering the DIV_ENC operation.
As described above, the operation unit div_enc may be designed to perform the division operation with a delay independent of the secret data on which it operates. However, in the case of the DIV_ENC operation, it is also possible to divide a value by zero, resulting in a fault condition. To prevent a fault condition from being publicly declared, the DIV_ENC command may be executed such that, after a fixed amount of time independent of the secret data operated on and also independent of the occurrence of the fault condition, a fault indicator is embedded in the encrypted output of the operation. The fault indicator may be propagated to any subsequent results of the sequence of operations so that the user (or anyone decrypting the final value) may know that the operations in the sequence of operations were affected by a computational fault such as division by zero. Examples of other commands and their implementation in the sequence of operations are provided below.
In the case of providing a first data identifier associated with the first secret data, the function block 230 in the fingerprint unit 234 calculates a second data identifier associated with the second secret data. The second data identifier may be used to verify that the second secret data has been processed by the expected sequence of operations. As described in more detail below, calculating the second data identifier includes concatenating one or more first data identifiers for the operation with the operation identifier for the operation and any non-secret input data for the operation to create data to hash, and then performing a hash function on the data to be hashed.
Once the operation is completed, the functional block 230 is electrically coupled to output the second secret data and the second data identifier (when available) to the data encryption block 240.
The data encryption block 240 is electrically coupled to generate a second encrypted block of secret data by encrypting the second secret data and a second data identifier (when available). The data encryption block 240 may perform encryption based on a known encryption algorithm parameterized by the user data key. The encryption algorithm may be the counterpart of the decryption algorithm applied to the secret data as described above with reference to block 220. Upon generating the second encrypted data block, the data encryption block 240 may output the second encrypted data block to the controller 250, and the controller 250 may direct the second encrypted data block to the second communication bus 212, for example.
The controller 250 controls the flow of data over the communication interface 210 and also controls the operation of the electronic circuit 130 based on operations received from the processor 220. That is, the controller 250 may receive an operation identifier of an operation to be performed by the electronic circuit 130 and input data for the operation from the processor 122. The input data may include non-secret data and/or secret data. Based on this operation, the controller 250 may direct the data decryption block 220 to decrypt the secret data and provide the secret data to the function block 230. The controller may also direct non-secret data to function block 230. The controller 250 may also direct the operation identifier to the function block 230 to select an operation to perform and perform the operation. After performing the operation at functional block 230, controller 250 may receive the second encrypted secret data block from data encryption block 240 and direct the second secret data block to processor 122.
As described above, in addition to arithmetic operations, to support more complex computations, the electronic circuit 130 may also support computation of predicates, boolean expressions, and conditional moves.
As an example of a boolean operation, the electronic circuit 130 may include an operation to compare two encrypted values to produce an encrypted predicate value (e.g., encrypted true or false). Boolean operations are typically used in software to make control decisions via conditional branches at the instruction level. However, program branches and jumps cannot be affected by the secret data in order to protect the confidentiality of the secret data. Allowing program branches and jumps to be affected by secret data will provide a control-side channel to discover secret values by examining the execution sequence of the program.
The CMOV primitive, as may be provided in the electronic circuit 130, is a mechanism for making program decisions in a control-independent manner, so that decisions may be made by the program while protecting secret data from the analysis or discovery that would otherwise be possible by examining the program's execution.
The CMOV primitive has the following format:
CMOV_ENC pred,true_val,false_val
and has the following semantics:
result = encrypt(decrypt(pred) ? decrypt(true_val) : decrypt(false_val))
where pred is the boolean first secret data value, true_val is the encrypted true value (i.e., the value representing a true condition), and false_val is the encrypted false value (i.e., the value representing a false condition).
That is, the CMOV primitive:
a. receives a predicate (pred, a first encrypted secret data value), an encrypted true value (true_val), and an encrypted false value (false_val) as operands;
b. decrypts the predicate, the true value, and the false value;
c. if the predicate is true, sets the result equal to the true value;
d. if the predicate is false, sets the result equal to the false value;
e. encrypts the result; and
f. outputs the encrypted result as a second secret data value.
Decision security is achieved by having the sequence of operations execute the code sequences associated with both the "true" and "false" conditions of predicates. The encrypted boolean value may then be evaluated in function block 230 using the CMOV primitive, and the appropriate true or false result value may be selected as the result of the CMOV operation. Since the result passes through the encryption block 240, where high-entropy encryption is applied, no potential attacker can infer which decision was made, because the result of the CMOV will not resemble either its "true" or its "false" input value. Thus, the CMOV primitive enables the electronic circuit 130 to perform decision processing in a secret and secure manner.
The following is an example of an operation sequence, written in C++, that can be performed on encrypted data using the boolean expressions and CMOV_ENC included in the electronic circuit 130.
In this example, the Meso variables and functions are objects specific to the electronic circuit 130. In addition, the compiler directs computation on the Meso variables to the electronic circuit 130 via C++ operator overloading or similar methods. In the encrypted string search, the main loop iterates through all string characters without knowing the length of the string. At each step of the loop, the mismatch predicate determines whether the current character of the string being searched matches the current search string character. The result of this test is accurate, but is not known to the programmer because the string, the search string, and the comparison predicate are all encrypted. The endpoint predicate determines whether the current character comparison is the last to be performed, based on the end of the string or the end of the search string. Once the loop predicates are calculated, the loop statements will either 1) calculate the meaning of the comparison (greater than, less than, equal to), 2) issue a mismatch signal, or 3) continue the comparison if the search is complete. Even once the solution is determined, the software (operating in the processor 122) is unaware of it, so even after a search solution may have been found, the software continues to process the loop until all possible search locations have been accessed.
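The loop described above, as an added Python sketch (not the patent's C++ listing and not the assignee's library): a toy `Circuit` class stands in for function block 230, and the host program only ever holds opaque handles. `MAXLEN`, the function names and every operation name other than CMOV_ENC are assumptions; Python models the data flow and control flow only, not the fixed-latency hardware.

```python
import secrets

MAXLEN = 8  # fixed buffer size; the loop below always runs MAXLEN times

class Circuit:
    """Toy function block 230: plaintext lives in _vals, the host holds opaque handles."""
    def __init__(self):
        self._vals = {}
        self.trace = []  # operation identifiers seen on the bus (non-secret)

    def enc(self, value):
        handle = secrets.token_hex(8)  # fresh handle: outputs never resemble inputs
        self._vals[handle] = value
        return handle

    def reveal(self, handle):
        """Data owner's decryption; the host program below never calls this."""
        return self._vals[handle]

    def _op(self, name, fn, *handles):
        self.trace.append(name)
        return self.enc(fn(*(self._vals[h] for h in handles)))

    # Predicate operations (names other than CMOV_ENC are hypothetical).
    def eq(self, a, b): return self._op("CMPEQ_ENC", lambda x, y: int(x == y), a, b)
    def lt(self, a, b): return self._op("CMPLT_ENC", lambda x, y: int(x < y), a, b)
    def and_(self, a, b): return self._op("AND_ENC", lambda x, y: x & y, a, b)
    def or_(self, a, b): return self._op("OR_ENC", lambda x, y: x | y, a, b)
    def not_(self, a): return self._op("NOT_ENC", lambda x: x ^ 1, a)

    def cmov(self, pred, true_val, false_val):
        # Branch-free select: -p is all ones when p == 1 and zero when p == 0.
        return self._op("CMOV_ENC", lambda p, t, f: f ^ ((t ^ f) & -p),
                        pred, true_val, false_val)

def enc_string(c, s):
    raw = s.encode()
    if len(raw) > MAXLEN:
        raise ValueError("string longer than MAXLEN")
    return [c.enc(b) for b in raw.ljust(MAXLEN, b"\0")]

def enc_strcmp(c, a, b):
    """Encrypted -1/0/1 ordering of a and b; same operation sequence for all inputs."""
    zero, neg, pos = c.enc(0), c.enc(-1), c.enc(1)
    result, done = c.enc(0), c.enc(0)
    for x, y in zip(a, b):  # no early exit: the host cannot see `done`
        mismatch = c.not_(c.eq(x, y))
        sense = c.cmov(c.lt(x, y), neg, pos)         # meaning of a difference here
        first_diff = c.and_(mismatch, c.not_(done))  # only the first one counts
        result = c.cmov(first_diff, sense, result)
        endpoint = c.or_(c.eq(x, zero), c.eq(y, zero))
        done = c.or_(done, c.or_(mismatch, endpoint))
    return result

def compare(a, b):
    """Run one comparison; return (owner-decrypted result, host-visible trace)."""
    c = Circuit()
    r = enc_strcmp(c, enc_string(c, a), enc_string(c, b))
    return c.reveal(r), tuple(c.trace)
```

Comparing the traces of two runs with different secrets shows what the host can observe: the same operation identifiers in the same order, whatever the strings contain.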
Optionally, the electronic circuit 130 may be enhanced to also verify the integrity of the computation. This security measure ensures that the sequence of operations previously submitted to the server 106 for execution by the electronic circuit 130 is not subsequently altered by, for example, an attacker. In an example, the electronic circuit 130 may further include a fingerprint unit 234 electrically coupled to process data identifiers. A data identifier, as used herein, is a unique digital value associated with secret data that can be used to confirm the lineage of the secret data. In an example, the data identifier associated with the secret data from the user may be a unique number selected by the user. The secret data entered by the user may be referred to herein as secret source data, and the data identifier entered by the user and associated with the secret source data may be referred to as a secret source data identifier. For an operation performed within electronic circuitry 130, a subsequent data identifier associated with the output secret data from the operation may be calculated. These subsequent data identifiers may be calculated as a one-way hash function of the data identifiers associated with the input secret data of the operation, the operation identifier of the operation, and the non-secret input data of the operation. The following is an example of determining the data identifier of $ENCVAL_i$, the result of the i-th operation in a sequence of operations.
The encrypted secret data block $ENCVAL_i$ for the i-th operation in the sequence of operations is a tuple $\langle CF_i, VAL_i \rangle$, where $CF_i$ is the data identifier of the i-th result and $VAL_i$ is the actual value of operation result i (i.e., an integer or floating point value, etc.). The $ENCVAL_i$ tuple is encrypted under the data key:
$$ENCVAL_i = \text{encrypt}(\langle CF_i, VAL_i \rangle) \qquad (1)$$
Then, for the following operation to be performed by the electronic circuit 130:
$SE_{op}\ ENCVAL_x, ENCVAL_y, IMM_z$
where $SE_{op}$ is an identifier of the operation to be performed by electronic circuit 130, $ENCVAL_x$ is the encrypted result from a previous operation x, $ENCVAL_y$ is the encrypted result from a previous operation y, and $IMM_z$ is an immediate non-secret value also used in this operation, the second data identifier $CF_i$ of operation i can be calculated as:
$$CF_i = \text{one-way-hash}(\langle SE_{op}, CF_x, CF_y, IMM_z \rangle) \qquad (2)$$
The one-way-hash() may be an appropriate cryptographic one-way hash function (e.g., SHA-1). The above formula is an example calculation of the data identifier for an operation with two operands, $ENCVAL_x$ and $ENCVAL_y$. Many variations of this scheme are possible. For example, all operands have to be incorporated into the fingerprint hash, regardless of their number. Moreover, the order in which the values are hashed for a given instruction is not important, so long as it is consistent for each execution of the corresponding operation by electronic circuitry 130. Furthermore, if multiple immediate values are used, all of them must be incorporated into the fingerprint calculation.
As an example, an "add" operation on secret data, including the use of data identifiers, is presented according to the flow chart of Fig. 3. In the example operation, the electronic circuit 130 receives first encrypted secret data block x 310 and first encrypted secret data block y 320. First encrypted secret data block x 310 includes an encrypted first data identifier $CF_x$ 312 and first encrypted secret data $VAL_x$ 314. First encrypted secret data block y 320 includes an encrypted first data identifier $CF_y$ 322 and first encrypted secret data $VAL_y$ 324.
The electronic circuit 130 then decrypts, in decryption block 220, first encrypted secret data block x 310 and first encrypted secret data block y 320 to generate first secret data block x 330 and first secret data block y 340, respectively. First secret data block x 330 includes, in decrypted form, the first data identifier $CF_x$ 332 and first secret data $VAL_x$ 334. First secret data block y 340 includes, in decrypted form, the first data identifier $CF_y$ 342 and first secret data $VAL_y$ 344.
Next, the function block 230 calculates a second data identifier $CF_i$ 352 in the fingerprint unit 234. To this end, the fingerprint unit 234 combines the first data identifier $CF_x$ 332 and the first data identifier $CF_y$ 342 to generate data to be hashed, and then applies a one-way hash function to the data to be hashed to generate the second data identifier $CF_i$ 352. Note that the second data identifier $CF_i$ 352 is calculated independently of the first secret data $VAL_x$ 334 and the first secret data $VAL_y$ 344.
The function block 230 also performs an addition function in an addition unit 232. That is, the addition unit 232 adds the first secret data $VAL_x$ 334 and the first secret data $VAL_y$ 344 to generate second secret data $VAL_i$ 354.
The function block 230 then combines the second data identifier $CF_i$ 352 and the second secret data $VAL_i$ 354 to generate second secret data block i 350. The encryption block 240 then encrypts second secret data block i 350 to generate encrypted second secret data block i 360, which includes an encrypted second data identifier $CF_i$ 362 and encrypted second secret data $VAL_i$ 364.
An important feature of the data identifiers is that the values of the data identifiers are independent of the secret data with which they are paired. To prevent the data identifier from being changed by decisions on secret data, the data identifier may be used in conjunction with a CMOV operation. The CMOV primitives make program decisions in a control-independent manner. That is, the decisions it implements have no impact on the running computation. The same primitive also stops the creation of the control side channel, which is important for the overall security of the electronic circuit 130.
As described above, CMOV operations have the following format:
CMOV_ENC pred,true_val,false_val
and has the following semantics:
result = encrypt(decrypt(pred) ? decrypt(true_val) : decrypt(false_val))
where pred is the boolean first secret data value, true_val is the encrypted true value (i.e., the value representing a true condition), and false_val is the encrypted false value (i.e., the value representing a false condition).
Thus, any secret computation has to compute the results of both the true and the false conditions, which makes the fingerprint of the operation (which incorporates CMOV, $CF_{pred}$, $CF_{true\_val}$ and $CF_{false\_val}$) independent of any decision made by the CMOV primitive. For security reasons, it is important that true_val and false_val be decrypted and then re-encrypted with the high-entropy cipher included in the electronic circuit 130. Otherwise, an attacker could easily find the boolean value of pred by simply looking at which of the two source values is passed to the result. With a high-entropy cipher, all results are purely random from the point of view of the attacker.
Privacy-preserving computing provides an infrastructure of data identifiers that are not available to traditional non-private computing models (e.g., general purpose computing). First, because these values are not visible to the program or programmer, the privacy-enhanced computing environment may prevent secret data values from affecting the control flow of the program. Furthermore, by embedding the data identifier into the encrypted data values, an attacker cannot know these values or manipulate them unless cryptography is compromised. Furthermore, by encapsulating the data identifier and the secret value in the same encrypted data packet, the data identifier and the secret value are corrupted at the same time if the ciphertext is manipulated.
Data authorization is another example of an operation that may be performed by electronic circuitry 130 that includes the calculation of a data identifier. Data authorization uses the data identifier to securely release a privacy-preserving secret from the sequence of operations on the secret data. In the data authorization operation, a specific value generated in the operation sequence can be released with the permission of the data owner. In an example, information related to data authorization is prepared and encrypted by the data owner. This may prevent anyone other than the data owner from providing a data authorization for a specific algorithm. Furthermore, changes made to an algorithm by program updates or malicious hackers will invalidate the data authorizations for that algorithm. Thus, data authorization (i.e., release of encrypted secret data) only works if the data identifier is not corrupted; this property is necessary, because otherwise an attacker could misuse the data authorization to release other secret information. The following is a description of the data authorization operation.
The data authorization for the result of operation i consists of the following information:
$$DG_i = \text{encrypt}(CF_i)$$
The electronic circuit 130 supports additional instructions for data authorization:
$SE_{datagrant}\ DG_i, ENCVAL_i$
which has the semantics:
if (decrypt(DG_i) == decrypt(ENCVAL_i).CF_i) then result <= decrypt(ENCVAL_i).VAL_i
else #security-violation
This operation receives as input the encrypted expected second data identifier $DG_i$ of the i-th operation and the second secret data block $ENCVAL_i$ from the i-th operation. The operation uses the data key to decrypt the data authorization $DG_i$ and the encrypted second secret data block $ENCVAL_i$, compares the two decrypted data identifiers and, if they match, places the decrypted value of $ENCVAL_i$ in a destination register of the electronic circuit 130. That is, where the expected second data identifier $DG_i$ is equal to the actual second data identifier $CF_i$, the data authorization operation outputs the previously secret value of $ENCVAL_i$ in decrypted form. This is allowed because the equality of the two values establishes two important conditions: 1) the data owner allows decryption and release of the program value associated with $DG_i$, and 2) the secret computation has run to the same program point, unaffected by a potential hacker attempting to reorder the operations performed on the secret data. Note that a data authorization may be for any value, including a value that is not privacy preserving. Thus, the data owner, working with the program developer, must verify the conditions under which they release a data authorization to ensure that the released information is indeed privacy preserving.
In an example, a client may run a data identifier calculator to determine an expected data identifier for an operation from a sequence of operations. The data identifier calculator may be a program provided to the user, for example, from an organization maintaining the server 106. The data identifier calculator may be used to calculate an expected data identifier of a data value authorized by the data, and may also be used to calculate an expected final data identifier of the data output at the end of the sequence of operations.
For example, the computer 110 in the user device 102 may apply the data identifier calculator to generate the expected data identifier $CF_{xpctd}$ of the sequence of operations. As described above, the data identifier for an operation to be performed by the electronic circuit 130 can be calculated according to the following formula:
$$CF_i = \text{one-way-hash}(\langle SE_{op}, CF_x, CF_y, IMM_z \rangle) \qquad (2)$$
where $CF_i$ is the second data identifier of the i-th operation, $SE_{op}$ is the operation identifier of the i-th operation, $CF_x$ is the second data identifier from a previous operation x, $CF_y$ is the second data identifier from a previous operation y, and $IMM_z$ is an immediate non-secret value that is also used in the operation. The sequence of operations may be a sequence of operations that leads up to a data authorization operation, or the entire sequence of operations up to and including the final operation. The user may provide the sequence of operations and the source data identifiers to the data identifier calculator. The user may then invoke the data identifier calculator to calculate the expected data identifier $CF_{xpctd}$.
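Equation (2), the data authorization check and the data identifier calculator, put together as an added Python model (not code from the patent or its assignee). It generalizes the fingerprint to any number of operands and immediates, uses SHA-256 where the text names SHA-1 as an example, and substitutes a constructed HMAC-based cipher for the circuit's unspecified one; `ADDI_ENC`, `Enclave` and the other names are assumptions.

```python
import hashlib
import hmac
import os
import struct

def fingerprint(op, operand_cfs, imms=()):
    """CF_i = one-way-hash(<SE_op, CF_x, CF_y, IMM_z>), for any operand count."""
    h = hashlib.sha256()
    fields = [(b"O", op.encode())]
    fields += [(b"C", cf) for cf in operand_cfs]
    fields += [(b"I", struct.pack(">q", imm)) for imm in imms]
    for tag, data in fields:
        # Type tag + length prefix: <"AB","C"> can never hash like <"A","BC">.
        h.update(tag + struct.pack(">I", len(data)) + data)
    return h.digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _mac(key, nonce, ct):
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def seal(key, cf, val):
    """ENCVAL = encrypt(<CF, VAL>). Constructed stand-in cipher, fresh nonce per call."""
    pt = struct.pack(">H", len(cf)) + cf + struct.pack(">q", val)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + _mac(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, nonce, ct)):
        raise ValueError("ciphertext manipulated")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    n = struct.unpack(">H", pt[:2])[0]
    return pt[2:2 + n], struct.unpack(">q", pt[2 + n:])[0]

OPS = {  # ADDI_ENC is a hypothetical one-operand, one-immediate operation
    "ADD_ENC": lambda v, imm: v[0] + v[1],
    "MUL_ENC": lambda v, imm: v[0] * v[1],
    "ADDI_ENC": lambda v, imm: v[0] + imm[0],
}

class Enclave:
    """Model of electronic circuit 130: plaintext exists only inside these methods."""
    def __init__(self, data_key):
        self._key = data_key

    def execute(self, op, operands, imms=()):
        opened = [unseal(self._key, blob) for blob in operands]
        cf = fingerprint(op, [c for c, _ in opened], imms)  # never touches VAL
        val = OPS[op]([v for _, v in opened], imms)
        return seal(self._key, cf, val)

    def datagrant(self, dg, encval):
        expected_cf, _ = unseal(self._key, dg)  # DG_i = encrypt(CF_i)
        cf, val = unseal(self._key, encval)
        if not hmac.compare_digest(expected_cf, cf):
            raise PermissionError("security-violation")
        return val  # released in decrypted form

def expected_cfs(program, source_cfs):
    """Data identifier calculator: replays the hashes, needs no secret values."""
    cfs = dict(source_cfs)
    for dst, op, srcs, imms in program:
        cfs[dst] = fingerprint(op, [cfs[s] for s in srcs], imms)
    return cfs

def run(enclave, program, inputs):
    """Untrusted host: shuttles ciphertext blocks between operations."""
    regs = dict(inputs)
    for dst, op, srcs, imms in program:
        regs[dst] = enclave.execute(op, [regs[s] for s in srcs], imms)
    return regs

def demo():
    key = os.urandom(16)  # 128-bit user data key
    src = {"a": os.urandom(16), "b": os.urandom(16)}  # source data identifiers
    inputs = {"a": seal(key, src["a"], 6), "b": seal(key, src["b"], 7)}
    program = [("t", "MUL_ENC", ("a", "b"), ()), ("r", "ADDI_ENC", ("t",), (100,))]
    grant = seal(key, expected_cfs(program, src)["r"], 0)  # owner-made DG for r
    enclave = Enclave(key)
    released = enclave.datagrant(grant, run(enclave, program, inputs)["r"])
    tampered = [("t", "ADD_ENC", ("a", "b"), ()), program[1]]  # one op swapped
    try:
        enclave.datagrant(grant, run(enclave, tampered, inputs)["r"])
        leaked = True
    except PermissionError:
        leaked = False
    return released, leaked

if __name__ == "__main__":
    print(demo())
```

The grant is computed from the program text and the source identifiers alone, so the owner can issue it before any secret data is processed; swapping a single operation upstream changes every downstream identifier and the release is refused.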
The use of data authorization techniques may be illustrated with an example of a voting machine. In this example, the electronic circuit 130 may securely disclose information regarding whether the vote matches a valid candidate in a privacy-preserving manner. The following pseudocode demonstrates this function:
In this example, the DG variable datagrant is an encrypted data identifier assigned to the final value of the encrypted boolean variable matched. At the end of the voting algorithm, matched is true if a matching candidate received the vote, and false if the vote does not match any valid candidate. Once the value is revealed, the if statement in the program evaluates the decrypted Boolean matched value and, if a valid candidate was not selected, prints an error message to inform the candidate of this. It should be noted that if the datagrant ciphertext is corrupted in any way, the $SE_{datagrant}$ operation will fail. Furthermore, if the secret calculation is altered in any way, the $SE_{datagrant}$ operation may fail.
The data authorization may optionally be signed by a third party to provide protection against malicious code trojans. This may be understood as a form of guardrail that can detect when any content changes during execution of an operational sequence, thereby providing a mechanism to prevent supply chain attacks. In the default use of data authorization, the developer identifies the data identifiers of the operation sequence and provides those data identifiers to the data owner, who can then choose to encrypt them and so enable release of selected values from the operation sequence. Through this mechanism, the developer can ensure that the secret computation is protected from various forms of external software hacking on the system running the sequence of operations. Another threat that data identifiers may address is the malicious code trojan, in which a rogue developer secretly introduces code into the system to corrupt the computation or reveal sensitive data. The data identifier may prevent malicious code trojans by using a third-party signature on the data authorization. Instead of providing the data authorization directly to the data owner, the developer provides the data authorization to a third party, who then inspects the secret computation code, attests via detailed code inspection that the data authorization operation is not dangerous or malicious, and finally digitally signs the data authorization using their private key (e.g., using RSA). The data owner may then verify the certified data authorization by decrypting it using the public key of the certifying entity, and then encrypt the data authorization for use in verifying the secret calculation. Using this attestation method, any malicious code trojan inserted into the secret computation will corrupt the computed fingerprint and will not allow the data authorization to proceed. Short of theft of the private key of the certifying entity, this approach prevents malicious code trojans in the secret computation.
Fig. 4 is a flow chart of an example process 400 for configuring electronic circuitry 130 for a user by installing a user data key. In process 400, electronic circuit 130 receives a user data key encrypted based on a Public Key Infrastructure (PKI), stores the user data key, verifies a digital signature associated with a sender of the user data key, and returns a message to the user that has been encrypted according to the user data key. Process 400 begins at block 402.
In block 402, a certification authority (e.g., an organization maintaining and commercializing server 106) associated with electronic circuit 130 provides a public key to a user for accessing electronic circuit 130. The public key is associated with a private key included in the electronic circuit 130 such that data encrypted by an encryption algorithm using the public key may be decrypted within the electronic circuit 130 by a decryption algorithm using the private key. For example, an organization may provide public keys to potential users upon request of the users. Encryption algorithms and decryption algorithms may be well known and publicly available such that a user only needs the public key of electronic circuit 130 to provide encrypted data. As described above, RSA and Diffie-Hellman are examples of known protocols for asymmetric public key/private key encryption. The process 400 continues in block 404.
In block 404, the user encrypts the configuration data of electronic circuit 130 using a public key in accordance with a Public Key Infrastructure (PKI) asymmetric encryption protocol, such as RSA or Diffie-Hellman, as described above. The configuration data includes the user's data key and optionally a signature.
The user's data key is a digital value that can be used by a symmetric encryption algorithm to generate encrypted data, and also by a decryption algorithm to decrypt the data. The data key may be a random number provided by the user. In a non-limiting example, the data key may be 128 bits. Smaller (fewer bits) and larger (more bits) data keys may also be applied, depending on the encryption and decryption algorithms employed by the system.
The signature is a digital value that can be used by the electronic circuit 130 to verify the configuration data. In an example, as described above, the signature may be a known digital value. The signature value is provided to the user by an organization, such as the one maintaining server 160, so that the signature will be compatible with the signature verification block 204 included in electronic circuit 130.
After encrypting the configuration data, the user sends the encrypted data to the electronic circuit 130 in block 406. Configuration data is sent from the user device 102 to the server 106 (fig. 1) via the network 104. Within the server 106, the processor 122 receives the configuration data and then sends the configuration data to the electronic circuit 130. Alternatively, the user may provide the server 106 with access to a data store that includes configuration data, and the server 106 may retrieve the configuration data.
In block 408, the electronic circuit 130 decrypts the configuration data by applying a decryption algorithm and a private key. The private key may be a digital value that is paired with a public key used by the user according to a selected Public Key Infrastructure (PKI) encryption protocol. The process continues in block 410 when the electronic circuit 130 decrypts the configuration data.
In block 410, the electronic circuit 130 extracts the data key from the configuration data and stores the data key in the data key register 208. The process continues in block 412.
In block 412, optionally, where the configuration data includes a signature and the electronic circuit 130 includes a signature verification block 204, the process continues in block 414. Otherwise, the process 400 ends.
In block 414, the electronic circuit 130, for example in the signature verification block 204, verifies the digital signature included in the configuration data. In an example, the signature verification block 204 is electrically coupled to compare a signature extracted from the configuration data with an expected value of the signature. In the event that the signature included in the configuration data matches the expected value, the electronic circuit 130 determines that the configuration data is valid and continues in block 416. Otherwise, the process 400 continues in block 418.
In block 416, the electronic circuit 130 is ready to perform a sequence of operations on the secret data. Process 400 ends.
In block 418, the configuration of the electronic circuit 130 fails and the electronic circuit will not be able to perform operations on the secret data. Process 400 ends.
Fig. 5 is a flow chart of an example process 500 for performing operations on secret data within electronic circuit 130. Process 500 begins at block 502.
In block 502, the user provides an encrypted first block of secret data and a sequence of operations to be performed to the processor 122 in the server 106. The first secret data block may include user source secret data and may also include a user source data identifier. In an example, the user source secret data and the user source data identifier may be combined in a tuple and the tuple may be encrypted based on a symmetric encryption protocol and the user data key.
Next, in block 504, the electronic circuit 130 receives an operation identifier from the processor 122 that identifies an operation to be performed.
Next, in block 506, the electronic circuit 130 receives input data for an operation to be performed, where the input data may include non-secret data and may also include secret data, i.e., one or more first blocks of secret data from the processor 122. The process 500 continues at block 508.
In block 508, based on the operation to be performed, the electronic circuit 130 decrypts the first secret data, e.g., in the data decryption block 220, according to a decryption algorithm and a user data key. Here, the decryption algorithm must correspond to an encryption algorithm for encrypting the secret data. The data decryption block 220 then provides the (decrypted) secret data and, when applicable, the data identifier to additional circuitry (e.g., function block 230) in the electronic circuit 130 for further processing.
In block 510, the electronic circuit 130 performs an operation to be performed on the secret data. For example, the function block 230 may select a set of electrically coupled circuit elements to perform an operation based on the operation identifier. The electronic circuit 130 then provides the secret data to the selected set of electrically coupled circuit elements and performs an operation to generate second secret data as an output of the operation. Process 500 then continues in block 512.
In block 512, in the case that the system 100 is electrically coupled to process data identifiers, the fingerprint unit 234 in the electronic circuit 130 calculates the second data identifier as described above. The fingerprint unit 234 creates an intermediate value by concatenating the data identifier of each input operand to the operation, each non-secret data input to the operation, and the operation identifier. The fingerprint unit 234 then applies the one-way hash to the intermediate value to generate the second data identifier for the operation.
For an example operation

$$SE_{op}\ \ ENCVAL_x,\ ENCVAL_y,\ IMM_z$$

where $SE_{op}$ is an identifier of an operation to be performed by the electronic circuit 130, $ENCVAL_x$ is the encrypted result from the previous operation $x$, $ENCVAL_y$ is the encrypted result from the previous operation $y$, and $IMM_z$ is an immediate non-secret value also used in the operation, the second data identifier $CF_i$ of operation $i$ can be calculated as:

$$CF_i = \text{one-way-hash}(\langle SE_{op}, CF_x, CF_y, IMM_z \rangle) \tag{2}$$
Once the second data identifier $CF_i$ of operation $i$ has been calculated, process 500 continues in block 514.
In block 514, after calculating the second data identifier, the electronic circuit 130 encrypts the second secret data block based on the second secret data $VAL_i$ generated in block 510 and the second data identifier $CF_i$ generated in block 514. For example, the electronic circuit generates the tuple $\langle CF_i, VAL_i \rangle$. The electronic circuit 130 then encrypts the tuple $\langle CF_i, VAL_i \rangle$ to generate a second encrypted block of secret data. Process 500 continues in block 516.
In block 516, the electronic circuit 130 outputs the encrypted second block of secret data to the processor 122.
When an encrypted block of secret data is received from the electronic circuit 130, the processor 122 determines whether the sequence of operations is complete. In the event that the sequence of operations has not been completed, the process 500 continues in block 504 and blocks 504 through 516 are repeated for the next operation in the sequence. In the event that the sequence of operations is complete, the process 500 continues in block 520.
In block 520, the processor 122 sends the encrypted second secret data block to the user device 102. Note that in this case the encrypted second secret data block is the result of the final operation of the sequence of operations and is thus also the encrypted final secret data block, comprising the final secret data from the sequence of operations and the final data identifier. Process 500 ends.
Fig. 6 is a flow chart of an example process 600 for verifying a sequence of operations performed on data by comparing an expected final data identifier $CF_{ef}$ of the sequence of operations with the actual final data identifier $CF_f$. Process 600 begins at block 602.
In block 602, a computer (e.g., computer 110 in user device 102) generates an expected final data identifier $CF_{ef}$. As described above, the computer 110 may include a data identifier calculator that calculates an expected data identifier $CF_{xpctd}$ based on a known sequence of operations and an initial source data identifier $CF_{src}$ for each initial source secret data. The expected final identifier $CF_{ef}$ of the final operation in the sequence of operations is then equal to the expected data identifier $CF_{xpctd}$ output from the data identifier calculator. The user can input the operation sequence and the initial source data identifiers $CF_{src}$ and run the data identifier calculator to calculate $CF_{ef}$ for the final operation. Once the expected final data identifier $CF_{ef}$ has been calculated, process 600 continues in block 604.
In block 604, the user performs a sequence of operations via the server 106 and the electronic circuit 130, as described in process 500 above.
Upon completion of execution of the sequence of operations, the user device receives the final data identifier $CF_f$ from the server 106. Process 600 continues at block 608.
In block 608, the computer 110 included in the user device 102 compares the expected final data identifier $CF_{ef}$ with the final data identifier $CF_f$. In the case that the expected final data identifier $CF_{ef}$ is not equal to the final data identifier $CF_f$, the process 600 continues in block 610. In the case that the expected final data identifier $CF_{ef}$ is equal to the final data identifier $CF_f$, the process 600 continues in block 612.
In block 610, the computer 110 determines that an error occurred in the calculation of the expected final data identifier $CF_{ef}$ or the actual final data identifier $CF_f$. The computer 110 may output a warning to the user indicating that the secret data generated by the sequence of operations is not (or may not be) valid. Process 600 ends.
In block 612, the computer 110 determines that the operation sequence matches the expected operation sequence and that secret data generated from the operation sequence is valid. Process 600 ends.
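The identifier chain of block 512 and the comparison of process 600, as an added example that is not code from the patent. SHA-256 as the one-way hash, the length-prefixed tuple encoding, and the operation names `SE_SUB` and `SE_MUL` are assumptions, and the source identifiers are constructed sample values.

```python
import hashlib
import hmac
import struct


def _field(value):
    """Encode one tuple element with a 4-byte length prefix (assumed encoding)."""
    if isinstance(value, int):
        value = value.to_bytes(8, "big", signed=True)
    elif isinstance(value, str):
        value = value.encode("utf-8")
    return struct.pack(">I", len(value)) + value


def data_identifier(op_id, operand_ids, immediates=()):
    """CF_i = one-way-hash(<SE_op, CF_x, CF_y, ..., IMM_z, ...>), SHA-256 assumed."""
    h = hashlib.sha256(_field(op_id))
    # The operand count separates identifiers from immediates in the tuple.
    h.update(struct.pack(">I", len(operand_ids)))
    for item in list(operand_ids) + list(immediates):
        h.update(_field(item))
    return h.digest()


def final_identifier(program, source_ids):
    """Chain identifiers through a sequence of operations.

    program: list of (result_name, op_id, operand_names, immediates).
    source_ids: {name: CF_src} for the user's initial secret data.
    Returns the identifier of the last operation's result.
    """
    if not program:
        raise ValueError("empty operation sequence")
    cf = dict(source_ids)
    for result, op_id, operands, immediates in program:
        cf[result] = data_identifier(op_id, [cf[n] for n in operands], immediates)
    return cf[result]


def matches(expected_cf, actual_cf):
    """Block 608: compare CF_ef with CF_f (constant-time comparison)."""
    return hmac.compare_digest(expected_cf, actual_cf)


# Constructed sample data: source identifiers and operation names are made up.
SOURCE_IDS = {
    "salary": hashlib.sha256(b"constructed CF_src for salary").digest(),
    "bonus": hashlib.sha256(b"constructed CF_src for bonus").digest(),
}
INTENDED = [
    ("t1", "SE_SUB", ["salary", "bonus"], []),
    ("t2", "SE_MUL", ["t1"], [12]),
]
# Sequences that differ from the one the user intended to run.
CHANGED_IMMEDIATE = [INTENDED[0], ("t2", "SE_MUL", ["t1"], [13])]
SWAPPED_OPERANDS = [("t1", "SE_SUB", ["bonus", "salary"], []), INTENDED[1]]
DROPPED_OPERATION = [("t2", "SE_MUL", ["salary"], [12])]


def check_all():
    """Return {scenario: True if the final identifier matches the expected one}."""
    expected = final_identifier(INTENDED, SOURCE_IDS)  # CF_ef on the user device
    executed = {
        "honest": INTENDED,
        "changed_immediate": CHANGED_IMMEDIATE,
        "swapped_operands": SWAPPED_OPERANDS,
        "dropped_operation": DROPPED_OPERATION,
    }
    # final_identifier(prog, ...) stands in for the CF_f the circuit would return.
    return {name: matches(expected, final_identifier(prog, SOURCE_IDS))
            for name, prog in executed.items()}


if __name__ == "__main__":
    for scenario, ok in check_all().items():
        print(f"{scenario:18} {'valid' if ok else 'MISMATCH'}")
```

The identifier depends only on the operations, their operand identifiers and the immediates, never on the secret values, which is why the user device can compute $CF_{ef}$ without running the computation.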
Thus, a system for processing secret data within an electronic circuit is disclosed that operates on secret data using only hardware, and interfaces of the electronic circuit with other devices do not allow access to unencrypted secret data or data keys. To prevent software hacking, the electronic circuit does not contain any software. Operations performed on secret data within the electronic circuit have delays independent of the secret data, do not use shared memory resources of the secret data, make decisions in a control independent manner, and do not declare a fault condition to protect the secret data from side channel attacks. The system may further comprise a data identifier allowing to confirm the integrity and authenticity of the result from the sequence of operations performed on the secret data.
All terms used in the claims are intended to be given their plain and ordinary meaning as understood by those skilled in the art unless otherwise indicated herein explicitly. In particular, the use of singular articles such as "a," "an," "the," and the like are to be construed to recite one or more of the indicated elements unless a claim recites an explicit limitation to the contrary.
The term "based on" herein means based on in whole or in part.
The term "exemplary" is used herein in the sense of representing examples, e.g., reference to "exemplary widget" should be understood to refer simply to an example of a widget.
In the drawings, like reference numerals refer to like elements. Furthermore, some or all of these elements may vary.
In general, the described computing systems and/or devices may employ any of a variety of computer operating systems, including, but in no way limited to, versions and/or variants of the Microsoft Windows operating system, the Unix operating system (e.g., the operating system distributed by Oracle Corporation of Redwood Shores, California), the AIX UNIX operating system distributed by International Business Machines of Armonk, N.Y., the Linux operating system, the Mac OSX and iOS operating systems distributed by Apple Inc. of Cupertino, California, the BlackBerry operating system distributed by BlackBerry of Waterloo, Canada, and the Android operating system developed by Google, Inc. and the Open Handset Alliance. Examples of computing devices include, but are not limited to, network devices such as gateways or terminals, computer workstations, servers, desktop computers, notebook computers, laptop or handheld computers, or some other computing system and/or device.
Computing devices generally include computer-executable instructions that can be executed by one or more computing devices, such as those listed above. Computer-executable instructions may be compiled or interpreted from computer programs created using a variety of programming languages and/or technologies, including, but not limited to, and either alone or in combination, Java™, C, C++, Visual Basic, Java Script, Perl, etc. Some of these applications may be compiled and executed on virtual machines such as the Java virtual machine, the Dalvik virtual machine, and the like. In general, a processor (e.g., a microprocessor) receives instructions, e.g., from a memory, a computer-readable medium, etc., and executes the instructions, thereby performing one or more processes, including one or more of the processes described herein. Such instructions and other data may be stored and transmitted using a variety of computer-readable media.
Computer-readable media (also referred to as processor-readable media) include any medium that participates in providing data (e.g., instructions) that may be read by a computer (e.g., by a processor of a computer). Such a medium may take many forms, including, but not limited to, non-volatile media and volatile media. The instructions may be transmitted over one or more transmission media, including optical fiber, wires, and wireless communication, including the internal structures that comprise a system bus coupled to the processor of the computer. Common forms of computer-readable media include, for example, RAM, PROM, EPROM, FLASH-EEPROM, any other memory chip or cartridge, or any other medium from which a computer can read.
The databases, data repositories, or other data stores described herein may include various mechanisms for storing, accessing, and retrieving various data, including a hierarchical database, a set of files in a file system, a proprietary format application database, a relational database management system (RDBMS), and the like. Each such data store is typically included within a computing device employing a computer operating system, such as one of the operating systems described above, and is accessed in any one or more ways via a network. The file system may be accessed from a computer operating system and may include files stored in various formats. In addition to the languages used to create, store, edit, and execute stored procedures (e.g., the PL/SQL language mentioned above), RDBMS typically employ Structured Query Language (SQL).
In some examples, system elements may be implemented as computer-readable instructions (e.g., software) on one or more computing devices (e.g., servers, personal computers, etc.), stored on a computer-readable medium (e.g., disk, memory, etc.) associated therewith. The computer program product may include instructions stored on a computer-readable medium for performing the functions described herein.
With respect to the processes, systems, methods, heuristics, etc. described herein, it should be understood that while the steps of such processes, etc. have been described as occurring according to a particular ordered sequence, such processes may be practiced with the described steps performed in an order different than the order described herein. It should also be understood that certain steps may be performed concurrently, other steps may be added, or certain steps described herein may be omitted. In other words, the description of the processes herein is provided for the purpose of illustrating certain embodiments and should not be construed as limiting the claims in any way.
Accordingly, it is to be understood that the above description is intended to be illustrative, and not restrictive. Many embodiments and applications other than the examples provided will be apparent upon reading the above description. The scope should be determined not with reference to the above description, but should instead be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled. It is anticipated and intended that future developments will occur in the arts discussed herein, and that the disclosed systems and methods will be incorporated into such future embodiments. In summary, it should be understood that the application is capable of modification and variation.
The abstract is provided to allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing detailed description, it can be seen that various features are grouped together in various embodiments for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. In contrast, inventive subject matter lies in less than all features of a single disclosed embodiment as reflected in the accompanying claims. Thus, the following claims are hereby incorporated into the detailed description, with each claim standing on its own as a separately claimed subject matter.

Claims (20)

1. A system, comprising:
an electronic circuit that performs an operation on the encrypted data; wherein the electronic circuit comprises electronic circuit elements electrically coupled to:
receiving an encrypted first secret data block comprising a first data identifier;
decrypting the encrypted first secret data block;
combining the data identifier and an operation identifier of an operation to be performed to generate an intermediate value;
applying a one-way hash function to the intermediate value to generate a second data identifier; and
encrypting the second data identifier for output.
2. The system of claim 1, wherein:
the encrypted first secret data block further comprises first secret data; and the electronic circuit is further electrically coupled to:
after decryption of the encrypted first secret data block, performing the operation to be performed on the first secret data to generate second secret data;
encrypting the second secret data with the second data identifier to generate an encrypted second secret data block; and
outputting the encrypted second secret data block.
3. The system of claim 2, wherein:
the first secret data is secret source data from a user who provides secret data to the operation to be performed; and
the first data identifier is a secret source data identifier from the user providing the secret data to the operation to be performed.
4. The system of claim 2, wherein in a sequence of operations, the encrypted first block of secret data is the encrypted second block of secret data from a previous operation of the electronic circuit.
5. The system of claim 2, wherein the electronic circuit is further electrically coupled to:
receiving one or more additional encrypted first secret data blocks, each additional encrypted first secret data block comprising corresponding additional first secret data and corresponding additional first data identifiers;
generating the second secret data by performing the operation further based on the one or more respective additional first secret data; and
the second data identifier is further generated based on each of the respective additional first data identifiers.
6. The system of claim 2, wherein the electronic circuit is further electrically coupled to:
receiving one or more non-secret data;
generating the second secret data by performing the operation further based on the one or more non-secret data; and
the second data identifier is further generated based on the one or more non-secret data.
7. The system of claim 2, wherein the electronic circuit is further electrically coupled to:
receiving the second data identifier from a previous operation in a sequence of operations;
decrypting the second data identifier from the operation;
comparing the decrypted second data identifier from the operation with a decrypted expected second data identifier from the operation; and
outputting the decrypted second secret data from the operation when the decrypted second data identifier matches the decrypted expected second data identifier from the operation.
8. The system of claim 7, wherein the electronic circuit receives the encrypted expected second data identifier as input from a user.
9. The system of claim 7, wherein the encrypted expected second data identifier is determined based on an expected sequence of operations to be performed by the electronic circuit.
10. The system of claim 2, wherein the encrypted first block of secret data comprises a boolean first secret data value, and the electronic circuit is further electrically coupled to:
receiving true_val, wherein true_val is a first secret data block comprising a secret true value and a first calculated data identifier associated with the true value;
receiving false_val, wherein false_val is a first secret data block comprising a secret false value and a first calculated data identifier associated with the false value;
performing a conditional move operation with the semantics:
"results=encrypt (decrypt (input Boolean value)
the second data identifier is generated based on an identifier for the conditional move operation, a first calculated data identifier associated with the boolean first secret value, the first calculated data identifier associated with the true_val, and the first calculated data identifier associated with the false_val.
11. The system of claim 2, the electronic circuit further electrically coupled to:
calculating, for a sequence of operations, an encrypted second secret data block for each operation based on an operand for the operation and an identifier of the operation; wherein the operand may be first secret data and non-secret data; and
providing the encrypted second secret data block of the final operation of the sequence of operations to a user; wherein:
the encrypted first secret data for an initial operation comprises an encrypted secret source identifier from a user; and
each of the encrypted first secret data for a subsequent operation is encrypted second secret data from a respective previous operation.
12. The system of claim 11, further comprising a computer comprising a processor and a memory, the memory comprising instructions that cause the processor to be programmed to:
receiving the encrypted second block of secret data from the electronic circuit from the final operation;
decrypting said second data identifier from said encrypted second secret data block from said final operation;
comparing the decrypted second data identifier from the final operation with an expected second data identifier from the final operation; and
outputting the comparison result to a user.
13. The system of claim 2, further comprising a computer comprising a processor and a memory, the memory comprising instructions that cause the processor to be programmed to:
transmitting the encrypted first block of secret data to the electronic circuit;
transmitting the operation to be performed to the electronic circuit;
receiving the encrypted second block of secret data from the electronic circuit; and
providing the encrypted second secret data block to a user or a second computer operated by the user.
14. The system of claim 2, wherein the encrypted first block of secret data is based on encryption of a first tuple of the first secret data value and the first data identifier.
15. The system of claim 2, wherein the encrypted second secret data value is based on encryption of a second tuple of the second secret data value and the second data identifier.
16. The system of claim 1, wherein the encryption is based on a high entropy encryption algorithm, wherein each encryption of the same plaintext value results in a randomly selected different encrypted value.
17. The system of claim 1, wherein the first encrypted block of secret data and the second encrypted block of secret data are encrypted based on a symmetric encryption algorithm.
18. The system of claim 1, wherein the electronic circuit comprises an interface that prevents access to unencrypted data including the data key, the first secret data, and the second secret data by a computing device external to the electronic circuit.
19. The system of claim 1, wherein the electronic circuit is further electrically coupled to output the second block of secret data.
20. A method, comprising:
receiving, by the electronic circuit, an encrypted first block of secret data comprising the first secret data and a first data identifier;
decrypting the encrypted first secret data block;
generating an intermediate value based on the first data identifier and an operation identifier of an operation to be performed;
applying a one-way hash function to the intermediate value to generate a second data identifier;
performing the operation to be performed on the first secret data to generate second secret data;
encrypting the second data identifier with the second secret data to generate a second secret data block; and
outputting the second secret data block to a computer.
CN202180093277.1A 2020-12-18 2021-12-17 Privacy enhanced computing via quarantine encryption Pending CN116888921A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US63/127,183 2020-12-18
US202163221594P 2021-07-14 2021-07-14
US63/221,594 2021-07-14
PCT/US2021/063947 WO2022133165A1 (en) 2020-12-18 2021-12-17 Privacy-enhanced computation via sequestered encryption

Publications (1)

Publication Number Publication Date
CN116888921A true CN116888921A (en) 2023-10-13

Family

ID=88260958

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202180093273.3A Pending CN116897524A (en) 2020-12-18 2021-12-17 Privacy enhanced computing via quarantine encryption
CN202180093277.1A Pending CN116888921A (en) 2020-12-18 2021-12-17 Privacy enhanced computing via quarantine encryption

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202180093273.3A Pending CN116897524A (en) 2020-12-18 2021-12-17 Privacy enhanced computing via quarantine encryption

Country Status (1)

Country Link
CN (2) CN116897524A (en)

Also Published As

Publication number Publication date
CN116897524A (en) 2023-10-17

Similar Documents

Publication Publication Date Title
US9686248B2 (en) Secure shared key sharing systems and methods
KR102467596B1 (en) Blockchain implementation method and system
CN109313690B (en) Self-contained encrypted boot policy verification
US9043615B2 (en) Method and apparatus for a trust processor
US7484105B2 (en) Flash update using a trusted platform module
JP4673890B2 (en) How to transfer a certification private key directly to a device using an online service
JP4638912B2 (en) Method for transmitting a direct proof private key in a signed group to a device using a distribution CD
JP4616345B2 (en) A method for directly distributing a certification private key to a device using a distribution CD
KR20070057968A (en) Sharing a secret by using random function
US11575501B2 (en) Preserving aggregation using homomorphic encryption and trusted execution environment, secure against malicious aggregator
JP7256862B2 (en) Secure communication method and system between protected containers
US11748521B2 (en) Privacy-enhanced computation via sequestered encryption
Künnemann Automated backward analysis of PKCS# 11 v2. 20
EP2286610A2 (en) Techniques for peforming symmetric cryptography
CN116888921A (en) Privacy enhanced computing via quarantine encryption
KR102199464B1 (en) Method of authentication among nodes participating in consortium blockchain
Kocher Public Key Cryptography in Computer and Network Security
CN114124366A (en) Key generation method of trusted chip and related equipment
WO2023145240A1 (en) Information processing device and information processing system
Chaki et al. Verification across intellectual property boundaries
Madeira Towards more Secure and Efficient Password Databases
Lenard et al. A Key to Embedded System Security: Locking and Unlocking Secrets with a Trusted Platform Module
KR20230037588A (en) How to remotely program a programmable device
Panoff et al. A Tenant Side Compilation Solution for Cloud FPGA Deployment
Κασαγιάννης Security evaluation of Android Keystore

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination