WO2018140961A1 - Procédés et systèmes pour un chiffrement amélioré homomorphe additif centré sur les données à l'aide d'une algèbre géométrique - Google Patents

Procédés et systèmes pour un chiffrement amélioré homomorphe additif centré sur les données à l'aide d'une algèbre géométrique Download PDF

Info

Publication number
WO2018140961A1
WO2018140961A1 PCT/US2018/016000 US2018016000W WO2018140961A1 WO 2018140961 A1 WO2018140961 A1 WO 2018140961A1 US 2018016000 W US2018016000 W US 2018016000W WO 2018140961 A1 WO2018140961 A1 WO 2018140961A1
Authority
WO
WIPO (PCT)
Prior art keywords
multivector
computing device
cryptotext
shared secret
numeric
Prior art date
Application number
PCT/US2018/016000
Other languages
English (en)
Inventor
Carlos A. Paz De Araujo
David W. HONORIO ARAUJO DA SILVA
Marcelo ARAUJO XAVIER
Gregory B. Jones
Original Assignee
X-Logos, LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US15/667,325 external-priority patent/US10728227B2/en
Application filed by X-Logos, LLC filed Critical X-Logos, LLC
Publication of WO2018140961A1 publication Critical patent/WO2018140961A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem

Definitions

  • Modern encryption employs mathematical techniques that manipulate positive integers or binary bits.
  • Asymmetric encryption such as RSA (Rivest-Shamir-Adleman) relies on number theoretic one-way functions that are predictably difficult to factor and can be made more difficult with an ever increasing size of the encryption keys.
  • Symmetric encryption such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard), uses bit manipulations within registers to shuffle the cryptotext to increase "diffusion" as well as register based operations with a shared key to increase "confusion.” Diffusion and confusion are measures for the increase in statistical entropy on the data payload being transmitted.
  • Diffusion is generally thought of as complicating the mathematical process of generating unencrypted (plain text) data from the encrypted (cryptotext) data, thus, making it difficult to discover the encryption key of the encryption process by spreading the influence of each piece of the unencrypted (plain) data across several pieces of the encrypted (cryptotext) data.
  • an encryption system that has a high degree of diffusion will typically change several characters of the encrypted (cryptotext) data for the change of a single character in the unencrypted (plain) data making it difficult for an attacker to identify changes in the unencrypted (plain) data.
  • Confusion is generally thought of as obscuring the relationship between the unencrypted (plain) data and the encrypted (cryptotext) data.
  • an encryption system that has a high degree of confusion would entail a process that drastically changes the unencrypted (plain) data into the encrypted (cryptotext) data in a way that, even when an attacker knows the operation of the encryption method (such as the public standards of RSA, DES, and/or AES), it is still difficult to deduce the encryption key.
  • Homomorphic Encryption is a form of encryption that allows computations to be carried out on cipher text as it is encrypted without decrypting the cipher text that generates an encrypted result which, when decrypted, matches the result of operations performed on the unencrypted plaintext.
  • homomorphism comes from the ancient Greek language: ⁇ (homos) meaning “same” and ⁇ (morphe) meaning "form” or “shape.”
  • homomorphism may have different definitions depending on the field of use. In mathematics, for example, homomorphism may be considered a transformation of a first set into a second set where the relationship between the elements of the first set are preserved in the relationship of the elements of the second set.
  • a map / between sets A and £ is a homomorphism of A into B if
  • homomorphism may be a structure-preserving map between two algebraic structures such as groups, rings, or vector spaces. Isomorphisms, automorphisms, and endomorphisms are typically considered special types of homomorphisms. Among other more specific definitions of homomorphism, algebra homomorphism may be considered a homomorphism that preserves the algebra structure between two sets.
  • An embodiment of the present invention may comprise a method for performing additive homomorphic summation of at least two cryptotext encrypted data representations of at least two corresponding plain text data values, the method comprising: distributing by a first source computing device a first numeric message data value (M ⁇ into coefficients of a first message multivector ( x ) in accord with a homomorphic preserving mathematical relationship between an unencrypted numeric data value and multivector coefficients representing the unencrypted numeric data value that is known to the first source computing device, at least one additional source computing device, and a destination computing device; distributing by the first source computing device a shared secret numeric value (S s ) into coefficients of a shared secret multivector (S s ) in accord with a shared secret coefficient distribution algorithm that is known to the first source computing device, the at least one additional source computing device, and the destination computing device, such that the shared secret numeric value (S s ) is known or knowable to the first source computing device, the at least one
  • the intermediary computing system the additive result cryptotext multivector (ARC) to the destination computing device; receiving by the destination computing device the additive result cryptotext multivector (ARC) sent by the intermediary computing system; distributing by the destination computing device the shared secret numeric value (S s ) into the shared secret multivector (S s ) in accord with the shared secret coefficient distribution algorithm; decrypting by the destination computing device the additive result cryptotext multivector
  • the additive result multivector (AR) into an additive result data value (AR) in accord with the homomorphic preserving mathematical relationship such that the additive result data value (AR) is equal to a sum of the unencrypted first numeric message data value (M x ) and the unencrypted at least one additional numeric message data value (M n ) such that the sum of the unencrypted first numeric message data value ( ⁇ ⁇ ) and the unencrypted at least one additional numeric message data value (M n ) is performed with corresponding mathematical operations as the process of summing of the first cryptotext multivector (C ⁇ ) and the at least one additional cryptotext multivector (C n ).
  • An embodiment of the present invention may further comprise a method for encrypting a numeric message data value (M) on a source computing device in order to transfer a cryptotext multivector (C) encrypted representation of the numeric message data value (M) to an intermediary computing system that will perform additive homomorphic summation of the cryptotext multivector (C) and at least one additional cryptotext encrypted data representation of at least one additional numeric message and deliver a result of the homomorphic summation to a destination computing device, the method comprising:
  • the source computing device distributing by the source computing device the numeric message data value ( ) into coefficients of a message multivector (M) in accord with a homomorphic preserving mathematical relationship between an unencrypted numeric data value and multivector coefficients representing the unencrypted numeric data value that is known to the source computing device and the destination computing device; distributing by the source computing device a shared secret numeric value (S s ) into coefficients of a shared secret multivector (S s ) in accord with a shared secret coefficient distribution algorithm that is known to the source computing device and the destination computing device, the shared secret numeric value (S s ) being known or knowable to the source computing device and the destination computing device, but is kept secret from other devices not intended to have access to the numeric message data including the intermediary computing system; encrypting by the source computing device the cryptotext multivector (C) as an encryption function of at least one Geometric Algebra geometric product operation on the message multivector (M) and the shared secret multivector (S 5
  • An embodiment of the present invention may further comprise a method for performing additive homomorphic summation on an intermediary computer system of at least two cryptotext multivectors (C n ) encrypted data representations of at least two corresponding plain text numeric data values received from at least one source computing device and delivering an additive result cryptotext multivector (ARC), the method comprising: receiving by the intermediary computing system the at least two cryptotext multivectors (C n ) sent by the at least one source computing device; summing by the intermediary computing system using vector summation the at least two cryptotext multivector (C n ) in order to obtain an additive result cryptotext multivector (ARC); and sending by the intermediary computing system the additive result cryptotext multivector (ARC) to the destination computing device.
  • C n cryptotext multivectors
  • ARC additive result cryptotext multivector
  • An embodiment of the present invention may further comprise a method for decrypting an additive result cryptotext multivector (ARC) on a destination computing device received from an intermediary computing system that performed additive homomorphic summation of at least two cryptotext multivectors (C n ) encrypted data representations of at least two corresponding plain text numeric data values originated from at least one source computing device, the method comprising: receiving by the destination computing device the additive result cryptotext multivector (ARC) sent by the intermediary computing system; distributing by the source computing device a shared secret numeric value (S s ) into a shared secret multivector (S s ) in accord with a shared secret coefficient distribution algorithm that is known to the at least one source computing device and the destination computing device, the shared secret numeric value (S s ) being known or knowable to the at least one source computing device and the destination computing device, but is kept secret from other devices not intended to have access to the numeric message data including the intermediary computing system; decrypting by the destination computing device the additive result cryptotext multivector (
  • An embodiment of the present invention may further comprise an additive homomorphic Enhanced Data-Centric Encryption (EDGE) system for additive homomorphic summation of at least two cryptotext encrypted data representations of at least two corresponding plain text data values, the additive homomorphic EDGE system comprising: a first source computing device, wherein the first source computing device further comprises: a first source numeric message distribution subsystem that distributes a first numeric message data value (M x ) into coefficients of a first message multivector (M x ) in accord with a homomorphic preserving mathematical relationship between an unencrypted numeric data value and multivector coefficients representing the unencrypted numeric data value that is known to the first source computing device, at least one additional source computing device, and a destination computing device; a first source numeric shared secret distribution subsystem that distributes a shared secret numeric value (S s ) into coefficients of a shared secret multivector (3 ⁇ 4) in accord with a shared secret coefficient distribution algorithm that is known
  • intermediary computing system further comprises: an intermediary receive subsystem that receives the first cryptotext multivector sent by the first source computing device and the at least one additional cryptotext multivector (C n ) sent by the corresponding at least one additional source computing device; an intermediary homomorphic summation subsystem that sums using vector summation the first cryptotext multivector (C ⁇ ) and the at least one additional cryptotext multivector (C n ) in order to obtain an additive result cryptotext multivector (ARC); and an intermeidary send subsystem that sends the additive result cryptotext multivector (ARC) to the destination computing device; and the destination computing device, wherein the destination computing device further comprises: a destination receive subsystem that receives the additive result cryptotext multivector (ARC) sent by the intermediary computing system; a destination numeric shared secret distribution subsystem that distributes the shared secret numeric value (S s ) into the shared secret multivector (S s ) in accord with the shared secret coefficient distribution algorithm; a destination decryption subsystem that de
  • a destination convert multivector subsystem that converts the additive result multivector (AR) into an additive result data value (AR) in accord with the homomorphic preserving mathematical relationship such that the additive result data value (AR) is equal to a sum of the unencrypted first numeric message data value ( x ) and the unencrypted at least one additional numeric message data value (M n ) such that the sum of the unencrypted first numeric message data value ( x ) and the unencrypted at least one additional numeric message data value (M n ) is performed with corresponding mathematical operations as the process of summing of the first cryptotext multivector (C x ) and the at least one additional cryptotext multivector (C n ).
  • An embodiment of the present invention may further comprise an additive homomorphic Enhanced Data-Centric Encryption (EDGE) source computing device for encrypting a numeric message data value ( ) in order to transfer a cryptotext multivector (C) encrypted representation of the numeric message data value (M) to an intermediary computing system that will perform additive homomorphic summation of the cryptotext multivector (C) and at least one additional ciyptotext encrypted data representation of at least one additional numeric message and deliver a result of the homomorphic summation to a destination computing device
  • the additive homomorphic EDGE source computing device comprising: a source numeric message distribution subsystem that distributes the numeric message data value ( ) into coefficients of a message multivector (M) in accord with a homomorphic preserving mathematical relationship between an unencrypted numeric data value and multivector coefficients representing the unencrypted numeric data value that is known to the source computing device and the destination computing device; a source numeric shared secret
  • An embodiment of the present invention may further comprise an additive homomorphic Enhanced Data-Centric Encryption (EDGE) intermediary computing system for performing additive homomorphic summation of at least two cryptotext multivectors (C n ) encrypted data representations of at least two corresponding plain text numeric data values received from at least one source computing device and delivering an additive result cryptotext multivector (ARC),
  • the additive homomorphic EDGE intermediary computing system comprising: an intermediary receive subsystem that receives the at least two cryptotext multivectors (C n ) sent by the at least one source computing device; an intermediary homomorphic summation subsystem that sums using vector summation the at least two cryptotext multivector (C n ) in order to obtain an additive result cryptotext multivector (ARC); and an intermeidary send subsystem that sends the additive result cryptotext multivector (ARC) to the destination computing device.
  • EDGE Enhanced Data-Centric Encryption
  • An embodiment of the present invention may further comprise an additive homomorphic Enhanced Data-Centric Encryption (EDGE) destination computing device for decrypting an additive result cryptotext multivector (ARC) received from an intermediary computing system that performed additive homomorphic summation of at least two cryptotext multivectors (C n ) encrypted data representations of at least two corresponding plain text numeric data values originated from at least one source computing device, the additive homomorphic EDGE destination computing device comprising: a destination receive subsystem that receives the additive result cryptotext multivector (ARC) sent by the intermediary computing system; a destination numeric shared secret distribution subsystem that distributes a shared secret numeric value (S s ) into a shared secret multivector (S s ) in accord with a shared secret coefficient distribution algorithm that is known to the at least one source computing device and the destination computing device, the shared secret numeric value (S s ) being known or knowable to the at least one source computing device and the destination computing device, but is kept secret from other devices
  • FIG. 1 is a block diagram of the hardware implementation for a core encryption embodiment (i.e., a core Enhanced Data-Centric Encryption— EDGE— embodiment).
  • a core encryption embodiment i.e., a core Enhanced Data-Centric Encryption— EDGE— embodiment.
  • FIG. 2 is a flow chart of the general operation for a core encryption
  • FIG. 3A is a flow chart of the source computing device symmetric key operation for a core encryption embodiment.
  • FIG. 3B is a flow chart of the destination computing device symmetric key operation for a core encryption embodiment.
  • FIG. 4A is a flow chart of the source computing device symmetric key and cryptotext masking operation for a core encryption embodiment.
  • FIG. 4B is a flow chart of the destination computing device symmetric key and cryptotext masking operation for an encryption embodiment.
  • FIG. 5 is a flow chart of a core encryption embodiment for the EDGE encryption/decryption by using a geometric product "sandwich.”
  • FIG. 6 is a flow chart of a core encryption embodiment for the EDGE encryption/decryption by using Sylvester's equation.
  • FIG. 7 is a block diagram illustrating generating/extracting/obtaining a second shared secret key from the original shared secret multivector for a core encryption embodiment.
  • FIG. 8 is a block diagram of the hardware implementation for an additive homomorphic encryption embodiment.
  • FIG. 9 is a flow chart of the general operation for an additive homomorphic encryption embodiment.
  • Homomorphic Encryption is a form of encryption that allows computations to be carried out on cipher text as it is encrypted without decrypting the cipher text that generates an encrypted result which, when decrypted, matches the result of operations performed on the unencrypted plaintext.
  • the essential purpose of homomorphic encryption is to allow computation on encrypted data without decrypting the data in order to perform the computation.
  • the encrypted data can remain confidential and secure while the encrypted data is processed for the desired computation.
  • useful tasks may be accomplished on encrypted (i.e., confidential and secure) data residing in untrusted environments.
  • the ability to perform computations on encrypted data may be a highly desirable capability.
  • finding a general method for computing on encrypted data is likely a highly desirable goal for cryptography.
  • the most sought after application of homomorphic encryption may be for cloud computing.
  • Data that is stored in the Cloud is typically not encrypted, and the breach of the Cloud stored, unencrypted data is ranked by the Cloud Security Alliance as the number one threat to data security.
  • Encrypting Cloud stored data may mitigate the threat of data being compromised by a breach, but then the remote clients (owners of the data) would not then be able to perform operations (i.e., add, multiply, etc.) on the Cloud stored data while the data remains in the Cloud.
  • operations i.e., add, multiply, etc.
  • the Cloud would require access to the user's encryption keys. It is becoming increasing undesirable to provide the Cloud access to a user's security keys as the more entities that have access to the security keys inherently increases the susceptibility of the security keys to being breached, or even stolen by an unscrupulous provider.
  • Homomorphic encryption would allow the Cloud to operate on client data without decryption, and without access to the client's security keys.
  • An embodiment may advantageously utilize Geometric Algebra to provide the encryption and decryption of numeric messages that are to be transmitted through, and possibly have operations performed by, an intermediary computing system (e.g., the broad- based computing system currently, and commonly, referred to as the Cloud, or cloud computing).
  • an intermediary computing system e.g., the broad- based computing system currently, and commonly, referred to as the Cloud, or cloud computing.
  • An embodiment of the Geometric Algebra encryption/decryption system that performs the foundational "core" encryption/decryption functions of transferring data securely using Geometric Algebra based encryption/decryption from a source system to a destination system without having arithmetic or other comparative operations performed on the transmitted encrypted data by an intermediary system may be referred to as an Enhanced Data-Centric Encryption (EDGE) system.
  • EDGE Enhanced Data-Centric Encryption
  • an EDGE system When an EDGE system is further enhanced to support and provide for arithmetic and/or other comparative operations to be performed at an intermediary computing system (e.g., the Cloud) without decrypting and re-encrypting the data at the intermediary computing system, that system may be referred to as an Enhanced Data-Centric Homomorphic Encryption (EDCHE) system.
  • EDCHE Enhanced Data-Centric Homomorphic Encryption
  • Geometric Algebra is an area of mathematics that describes the geometric interaction of vectors and other objects in a context intended to mathematically represent physical interactions of objects in the physical world.
  • the use of Geometric Algebra for cryptography represents a new, manmade use of Geometric Algebra for a purpose entirely outside of the natural basis of Geometric Algebra for representing physical interactions of objects in the real, physical, word.
  • Geometric Algebra defines the operations, such as geometric product, inverses and identities, which facilitate many features of embodiments of the core EDGE and the EDCHE systems disclosed herein.
  • Geometric Algebra allows for the organization and representation of data into the "payload" of a multivector where the data in the payload may represent, for example, plaintext, cryptotext, or identifying signatures.
  • Embodiments of both the core EDCE system and the EDCHE system make beneficial use of Geometric Algebra properties to provide encryption, decryption, and intermediary homomorphic operations in a relatively computationally simplistic manner while still providing robust security for both data in motion and data at rest (e.g., data stored in the Cloud).
  • methods and systems to encrypt and decrypt messages using Geometric Algebra may utilize the intrinsic algebraic homomorphic properties of Geometric Algebra to permit arithmetic and other comparative operations on encrypted messages handled by an intermediary computing system without the need for the intermediary computing system to decrypt the encrypted messages prior to performing the arithmetic and other comparative operations. Accordingly, the intermediary computing system does not need to know any information regarding any of the secret security keys of the encryption/decryption processes to properly perform the arithmetic and other comparative operations.
  • the encrypted results of the arithmetic and other comparative operations performed by the intermediary computing system when decrypted at a destination computing device, produce results equivalent to the same operations as if the operations were performed on the unencrypted plain text messages.
  • a proper data organization methodology that preserves such homomorphic properties (i.e., the mathematical relationship between the vectors utilized in the encryption process and the original plaintext messages being encrypted) should be enforced on the choice of coefficients for the vectors representing the plain text messages.
  • ensuring that the coefficients of the multivector representation of the plaintext numeric message follow a mathematical data organization methodology i.e., a homomorphic preserving mathematical relationship
  • a mathematical data organization methodology i.e., a homomorphic preserving mathematical relationship
  • the mathematical operations incorporating the one or more values of the multivector coefficients have a result equal to the original plaintext numeric message value will provide the proper data organization to preserve the homomorphic properties of the Geometric Algebra operations of the core EDCE encryption/decryption processes.
  • an embodiment of an EDCHE system provides a cryptosystem that allows unlimited multiplications and additions of cipher text (i.e., transmitted/stored encrypted messages at the intermediary/cloud computer system) due solely to the intrinsic algebraic homomorphic properties of an embodiment of the EDCHE system.
  • an embodiment of an EDCHE system may provide the homomorphic properties as a product of algebraic homomorphism without the need to use additional methods, such as "bootstrapping" (e.g., performing a recursive operation to reduce the noise associated with a cipher text) to achieve the homomorphic properties.
  • the encrypted data values may be stored on the intermediary computing system until such time that particular arithmetic or other comparative operations are desired by a user, then the intermediary computing system may perform the requested arithmetic or other comparative operations. Likewise, the encrypted data values may be immediately operated on by the intermediary computing system as soon as the subject encrypted data values are received by the intermediary computing system.
  • the process of receiving the encrypted data values at the intermediary computing system inherently includes storing the encrypted data values at the intermediary computing system even if only fleetingly in an immediately used and erased Random Access Memory (RAM) location or operational register location of a computational subsystem of the intermediary computing system.
  • RAM Random Access Memory
  • Embodiments of both EDCE and EDCHE may be comprised of functional blocks, each of which may be tailored as described in more detail below according to objectives for scope, capability and security.
  • the following sections provide a mathematical and numerical description of these functional blocks.
  • the descriptions below have been split up to separately cover foundational "core" EDGE concepts and the additional enhancements concepts that permit homomorphic operations for EDCHE.
  • Section 1 provides a general description of embodiments of the foundational "core" EDGE system.
  • Section 2 provides additional descriptions of embodiments of the foundational "core” EDCE system, including the packing of information into multivectors, the encryption and decryption of such multivectors and the unpacking to recover the original information.
  • Section 3 provides a description of the further enhancements to embodiments of the foundational "core” EDCE system that achieve homomorphic properties for embodiments of an EDCHE system.
  • Alice and Bob are used for the sending/source and receiving/destination entities, respectively.
  • Section 1 General Core EDCE Message Encryption/Decryption
  • Section 3 Homomorphic EDCHE Enhancements to EDGE Operation
  • Section 1 General Core EDGE Message Encryption/Decryption
  • Ciphers such as RSA (Rivest-Shamir-Adleman), DES (Data Encryption Standard) and/or AES (Advanced Encryption Standard) are little more than static "machinery" that bogs down communication efficiency. The actual problem is much bigger. How can robust security be provided when: a) End-point computational resources are limited (e.g., the Internet of Things— IoT). b) Encryption/decryption must be near-real time
  • a "core" embodiment may be described as enhanced data-centric encryption, or EDGE.
  • EDGE is computationally simplistic while providing robust security over the span of the communication channel.
  • EDGE security is scalable from tiny embedded IoT (Internet of Things) devices up to server farms.
  • EDGE functionality enables many cipher schemes that show speed and bandwidth advantages over current methods.
  • One aspect of EDG that provides speed enhancement in the
  • encryption/decryption of data is that the EDGE encryption/decryption may be implemented using basic arithmetic operations of addition, subtraction, multiplication, and division.
  • EDGE does not require a complex operation to select a large prime number, to calculate a logarithm function, to calculate a natural logarithm function, and/or to calculate other complex and computationally intensive mathematical functions (i.e., prime numbers, logarithms, natural logarithms, and/or other complex mathematical operations are not required in the Geometric Algebra calculations disclosed herein).
  • Geometric Algebra an area of mathematics that has not been utilized before in encryption.
  • Geometric Algebra as used herein is an area of mathematics that encompasses Geometric Algebra, Conformal Geometric Algebra and Clifford Algebra (collectively herein, "Geometric Algebra").
  • Geometric Algebra allows for the organization and representation of data into the "payload" of a multivector where the data may be plaintext, cryptotext, or signatures, for example.
  • Geometric Algebra defines the operations, such as geometric product, inverses and identities, which are the enablers of encryption/decryption calculations of various embodiments.
  • Multivectors are simply the additive combination of a scalar, a vector, a bi- vector and so forth up to an n-dimension vector.
  • the unit vectors follow the algebraic structure of quaternions (Hamilton) and non-commutative algebra (Grassman). These two types of algebra allowed Clifford to conceive of the Geometric Product which is used by the various embodiments as one of the "primitive" functions of the embodiments of EDGE and EDCHE systems.
  • Geometric Algebra a 0 + a x e x + a 2 e 2 + a 12 e 12
  • e ⁇ is a unit vector along the i-axis and e 12 represents the orientation of the area created by a 12 .
  • Appendix A: Geometric Algebra Overview of the parent patent application Serial No. 15/667,325, entitled “Methods and Systems for Enhanced Data-Centric Encryption Systems Using Geometric Algebra," but some general observations may be helpful to the description of the various embodiments disclosed below.
  • each of the 3 ⁇ 4 values in the multivector A above may be "packed” with information and each 3 ⁇ 4 value may range from zero to very large (e.g., >256,000 bits or an entire message).
  • the inverse of A when multiplied by A yields unity, or:
  • the "payload" may be packed in the values of the scalars and coefficients of the multivector elements.
  • the packing method may define, among many things, the Geometric Algebra operations permissible for EDGE and/or EDCHE embodiments. For example, the Rationalize operation on multivectors yields zero when all multivector coefficients are equal. Such multivectors having all equal coefficients have no inverse and the geometric product of such multivectors having all equal coefficients with another multivector has no inverse.
  • the decryption methodology for EDGE and EDCHE systems utilize the inverse of the cryptotext multivector being decrypted and of the security key(s) multivector to perform the decryption. Therefore, the cryptotext multivector being decrypted should not have all equal value coefficients.
  • One means to ensure that the cryptotext multivector being decrypted does not have all equal value coefficients is to have the packing/coefficient distribution method ensure that not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients) when creating the shared security multivector(s) and the data message multivectors.
  • the destination computing device may simply assert that such a result cryptotext multivector is "undefined," or, the destination or intermediary computing system may provide a means to update the result cryptotext multivector so the result cryptotext multivector does not have all equivalent coefficients. Great care should be taken to ensure that such an update of the result cryptotext multivector does not change the ultimate value of the result plaintext value of the result cryptotext multivector after decryption.
  • the "packed" multivector that represents the original plaintext numeric message have a mathematical relationship (i.e., the homomorphic preserving mathematical relationship) to the original plaintext numeric message.
  • the term homomorphism refers to a structure-preserving map between two algebraic structures, such as groups, rings, or vector spaces.
  • An algebra homomorphism between two algebras is one that preserves the algebra structure.
  • the method by which numbers are "packed" into multivector elements must remain a representation of the original number.
  • One such relationship for packing the coefficients of the multivector that preserves homomorphic properties is to ensure that the coefficients of the multivector representation of the plaintext numeric message follow a mathematical data organization between the value of the plaintext numeric message and at least one of the values of the coefficients of the multivector representation of the plaintext numeric message where the mathematical operations incorporating the one or more values of the multivector coefficients have a result equal to the original plaintext numeric message value.
  • the mathematical relationship may include: addition of at least one coefficient of the multivector coefficients, subtraction of at least one coefficient of the multivector coefficients, addition of a constant value, subtraction of a constant value, multiplication of at least one coefficient of the multivector coefficients by a constant value, and division of at least one coefficient of the multivector coefficients by a constant value.
  • the location of the various mathematical operations relative to the particular locations of the coefficients in the multivector representation should also be consistently applied to all source numeric data messages converted to a multivector as well as for result multivectors converted to a result numeric data value in a particular encryption/decryption pathway.
  • separate multivectors may be encoded for many purposes, such as a shared secret (defined below), authentication information, and timestamps.
  • a shared secret defined below
  • authentication information e.g., password, password, and password.
  • timestamps e.g., timestamps.
  • the EDGE multivector format and Geometric Algebra foundation of a core EDGE embodiment may enable a single transmission to contain far more than just cryptotext, including dummy data to increase encryption security, command instructions for additional operations, and/or configuration data for the additional operations.
  • Fig. 1 is a block diagram 100 of the hardware implementation for an embodiment.
  • a first computing device 102 is connected over an electronic network/bus connection 104 to a second computing device 106.
  • the first computing device 102 acts as the source device 102 that sends the encrypted message 108 over the network/bus connection 104.
  • the second computing device 106 acts as the destination device 106 that receives the encrypted message 108 from the network/bus connection 104.
  • communications including encrypted communications, are bi- directional such that the first 102 and second 106 computing devices may change roles as the source device 102 and destination device 106 as is necessary to accommodate the transfer of data back and forth between the first 102 and second 106 computing devices.
  • the first computing device 102 appears to be a laptop computer and the second computing device 106 appears to be a tablet device.
  • any computing device capable of communication over any form of electronic network or bus communication platform may be one, or both of the first 102 and second 106 computing devices. Further, the first 102 and second computing devices 106 may actually be the same physical computing device communicating over an internal bus connection 104 with itself, but still desiring encrypted communication to ensure that an attacker cannot monitor the internal communications bus 104 to obtain sensitive data communications in an unencrypted format.
  • Various embodiments may implement the network/bus communications channel 104 using any communications channel 104 capable of transferring electronic data between the first 102 and second 106 computing devices.
  • the network/bus may implement the network/bus communications channel 104 using any communications channel 104 capable of transferring electronic data between the first 102 and second 106 computing devices.
  • the network/bus may implement the network/bus communications channel 104 using any communications channel 104 capable of transferring electronic data between the first 102 and second 106 computing devices.
  • the network/bus communications channel 104 may implement the network/bus communications channel 104 using any communications channel 104 capable of transferring electronic data between the first 102 and second 106 computing devices.
  • the network/bus may implement the network/bus communications channel 104 using any communications channel 104 capable of transferring electronic data between the first 102 and second 106 computing devices.
  • the network/bus may implement the network/bus communications channel 104 using any communications channel 104 capable of transferring electronic data between the first 102 and second 106 computing devices.
  • the network/bus may implement the network/bus
  • the communication connection 104 may be an Internet connection routed over one or more different communications channels during transmission from the first 102 to the second 106 computing devices.
  • the network/bus communication connection 104 may be an internal communications bus of a computing device, or even the internal bus of a processing or memory storage Integrated Circuit (IC) chip, such as a memory chip or a Central Processing Unit (CPU) chip.
  • IC Integrated Circuit
  • the network/bus communication channel 104 may utilize any medium capable of transmitting electronic data communications, including, but not limited to: wired communications, wireless electro-magnetic communications, fiber-optic cable communications, light/laser communications, sonic/sound communications, etc., and any combination thereof of the various communication channels.
  • the various embodiments may provide the control and management functions detailed herein via an application operatin on the first 102 and/or second 106 computing devices.
  • the first 102 and/or second 106 computing devices may each be a computer or computer system, or any other electronic devices device capable of performing the communications and computations of an embodiment.
  • the first 102 and second 104 computing devices may include, but are not limited to: a general purpose computer, a laptop/portable computer, a tablet device, a smart phone, an industrial control computer, a data storage system controller, a CPU, a Graphical Processing Unit (GPU), an Application Specific Integrated Circuit (ASI), and/or a Field Programmable Gate Array (FPGA).
  • GPU Graphical Processing Unit
  • ASI Application Specific Integrated Circuit
  • FPGA Field Programmable Gate Array
  • the first 102 and second 106 computing devices may be the storage controller of a data storage media (e.g., the controller for a hard disk drive) such that data delivered to/from the data storage media is always encrypted so as to limit the ability of an attacker to ever have access to unencrypted data.
  • Embodiments may be provided as a computer program product which may include a computer-readable, or machine-readable, medium having stored thereon instructions which may be used to program/operate a computer (or other electronic devices) or computer system to perform a process or processes in accordance with the various embodiments.
  • the computer-readable medium may include, but is not limited to, hard disk drives, floppy diskettes, optical disks, Compact Disc Read-Only Memories (CD-ROMs), Digital Versatile Disc ROMS (DVD-ROMs), Universal Serial Bus (USB) memory sticks, magneto-optical disks, ROMs, random access memories (RAMs), Erasable Programmable ROMs (EPROMs), Electrically Erasable Programmable ROMs (EEPROMs), magnetic optical cards, flash memory, or other types of media/machine-readable medium suitable for storing electronic instructions.
  • the computer program instructions may reside and operate on a single computer/electronic device or various portions may be spread over multiple computers/devices that comprise a computer system.
  • embodiments may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection, including both wired/cabled and wireless connections).
  • a communication link e.g., a modem or network connection, including both wired/cabled and wireless connections.
  • Fig. 2 is a flow chart 200 of the general operation for an embodiment.
  • a shared secret numeric data value (S s ) is shared between the source 202 and destination 204.
  • the various embodiments may share the shared secret numeric data value (S s ) between the source 202 and destination 204 via any means desired by the users.
  • S s shared secret numeric data value
  • the shared secret numeric data value (S s ) may be shared between the source 202 and destination 204 by means including, but not limited to: pre-conditioning the source 202 computing device and the destination 204 computing device with the shared secret numeric value (S s ), a standard public/private key exchange technique, RSA (Rivest-Shamir-Adleman) key exchange, and/or Diffie-Hellman key exchange (disclosed in more detail herein, below).
  • RSA Rastert-Shamir-Adleman
  • the original shared secret may be an alphanumeric string in ASCII (American Standard Code for Information Exchange) or another encoding protocol that is converted to a numeric value based on the associated encoding protocol, such as: ASCII, other English language/alphabetic coding systems, foreign language encoding for non-alphabetic languages (e.g., katakana for Japanese), el ⁇ even pure symbol to numeric values such as for emoji's.
  • ASCII American Standard Code for Information Exchange
  • other English language/alphabetic coding systems e.g., foreign language encoding for non-alphabetic languages (e.g., katakana for Japanese), el ⁇ even pure symbol to numeric values such as for emoji's.
  • both the source 202 and destination 204 need to know and use the same alphanumeric text conversion into a numeric value process to ensure that results of both the source 202 and the destination 204 are the same.
  • the source 202 converts any alphanumeric text in the message into numeric message data (M) based on the alphanumeric encoding protocol (e.g., ASCII, other English language/alphabetic coding systems, foreign language encoding for non- alphabetic languages (e.g., katakana for Japanese), or even pure symbol to numeric values such as for emoji's) of the original text.
  • the alphanumeric encoding protocol e.g., ASCII, other English language/alphabetic coding systems, foreign language encoding for non- alphabetic languages (e.g., katakana for Japanese), or even pure symbol to numeric values such as for emoji's
  • both the source 202 and destination 204 need to know and use the same alphanumeric text conversion into a numeric value process to ensure that results of both the source 202 and the destination 204 are the same.
  • numeric message data that is, but are not limited to: positive numbers, negative numbers, zero, integer numbers, rational numbers (including fractions), and/or real numbers.
  • the source 202 distributes the numeric message data (M) into message multivector (M) coefficients.
  • the encryption system will work with just one non-zero message multivector (M) coefficient, but, the more non-zero message multivector (M) coefficients there are, the stronger the encryption will become, so it is desirable to have more than one non-zero message multivector ( ) coefficient.
  • the source 202 distributes shared secret numeric value (S s ) into shared secret multivector (Sc) coefficients.
  • S s shared secret numeric value
  • S s shared secret multivector
  • the encryption system will work with just one non-zero shared secret multivector (S s ) coefficient, but, the more non-zero shared secret multivector (S s ) coefficients there are, the stronger the encryption will become, so, again, it is desirable to have more than one non-zero shared secret multivector (S s ) coefficient.
  • S s shared secret multivector
  • the primary requirement for the distribution process from the numeric values of the message (M) and the shared secret (S s ) to the multivector coefficient values ( and S s ) is that the source 202 and the destination 204 both know the processes 210/222 and 212/224 such that the destination 204 can reconstruct the original message ( ). As long as it is known to both the source 202 and the destination 204, the distribution of numeric data to multivector coefficients may be performed differently between the message (M) and the shared secret (5s).
  • the various embodiments may perform the encryption process with multivector coefficient values for both the message (M) and shared secret (5 S ) that are, but are not limited to: positive numbers, negative numbers, zero, integer numbers, rational numbers (including fractions), and/or real numbers.
  • the distributing/packing method defines, among many things, the Geometric Algebra operations permissible for EDGE and/or EDCHE embodiments.
  • the Rationalize operation on multivectors yields zero when all multivector coefficients are equal.
  • Such multivectors having all equal coefficients have no inverse and the geometric product of such multivectors having all equal coefficients with another multivector has no inverse.
  • the Rationalize operation on multivectors yields zero when all multivector coefficients are equal.
  • Such multivectors having all equal coefficients have no inverse and the geometric product of such multivectors having all equal coefficients with another multivector has no inverse.
  • the decryption methodology for EDGE and EDCHE systems utilize the inverse of the cryptotext multivector being decrypted and of the security key(s) multivector to perform the decryption. Therefore, the cryptotext multivector being decrypted should not have all equal value coefficients.
  • One means to ensure that the cryptotext multivector being decrypted does not have all equal value coefficients is to have the packing/coefficient distribution method ensure that not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients) when creating the shared security multivector(s) and the data message multivectors.
  • the same packing/coefficient distribution method to ensure that the source message multivectors do not have all equivalent coefficients will minimize the potential for the cryptotext multivector being decrypted from having all equivalent coefficients, but, when various addition and subtraction operations are performed with multiple distinctly different cryptotext multivectors, there is a remote possibility that the cryptotext multivector result of the homomorphic operations will have all equivalent coefficients.
  • the destination computing device may simply assert that such a result cryptotext multivector is "undefined," or, the destination or intermediary computing system may provide a means to update the result cryptotext multivector so the result cryptotext multivector does not have all equivalent coefficients.
  • the "packed" multivector that represents the original plaintext numeric message have a mathematical relationship (i.e., the homomorphic preserving mathematical relationship) to the original plaintext numeric message.
  • the term homomorphism refers to a structure-preserving map between two algebraic structures, such as groups, rings, or vector spaces.
  • An algebra homomorphism between two algebras is one that preserves the algebra structure.
  • the method by which numbers are "packed" into multivector elements must remain a representation of the original number.
  • One such relationship or packing the coefficients of the multivector that preserves homomorphic properties is to ensure that the coefficients of the multivector representation of the plaintext numeric message follow a mathematical data organization between the value of the plaintext numeric message and at least one of the values of the coefficients of the multivector representation of the plaintext numeric message where the mathematical operations incorporating the one or more values of the multivector coefficients have a result equal to the original plaintext numeric message value.
  • the mathematical relationship may include: addition of at least one coefficient of the multivector coefficients, subtraction of at least one coefficient of the multivector coefficients, addition of a constant value, subtraction of a constant value, multiplication of at least one coefficient of the multivector coefficients by a constant value, and division of at least one coefficient of the multivector coefficients by a constant value.
  • The. location of the various mathematical operations relative to the particular locations of the coefficients in the multivector representation should also be consistently applied to all source numeric data messages converted to a multivector as well as for result multivectors converted to a result numeric data value in a particular encryption/decryption pathway.
  • the distribution (i.e., "packing") of the shared secret multivector (S s ) may be performed in any fashion so long as the distribution (i.e., "packing") method of the shared secret multivector (S s ) is known and used consistently by the source 202 and destination 204 computing devices as, ultimately, the shared secret multivector (S s ) used by the source 202 and destination 204 should be equal to each other to ensure that the decryption operations 226 work properly in relation to the encryption 214 operations.
  • the number of potential coefficients is directly related to the size/dimension (N) of the multivectors such that the number of coefficients increases by a factor of 2 (i.e., 2 N ) for each incremental increase in the size/dimension (N) of the multivector.
  • using multivectors of at least two dimensions will provide at least four coefficients to distribute the numeric data of the message (M) and the shared secret (S s ).
  • the confusion and/or diffusion security characteristics will also be increased due to the additionally available multivector coefficients. Further, with the additionally available coefficients it is also possible to transfer more data in a single multivector message (M) payload using the additionally available multivector coefficients.
  • M multivector message
  • the source 202 encrypts a cryptotext multivector (C) as a function of at least one Geometric Algebra geometric product operation on the message multivector (M) and the shared secret multivector (S s ).
  • the source 202 converts the cryptotext multivector (C) into cryptotext numeric data (C) in accord with reverse operation of a cryptotext data coefficient distribution algorithm that is known to both the source 202 and the destination 204. While not typical of most encryption systems, an embodiment may also omit process 216 and directly send a representation of the cryptotext multivector (C) without first converting the cryptotext multivector (C) into cryptotext numeric data (C).
  • the transmission may be implemented as a series of transfers of the coefficients or as some form of records/packets that define a data structure that carries the coefficient data of the cryptotext multivector (C).
  • the various embodiments will include process 216 to convert the cryptotext multivector (C) into cryptotext numeric data (C) in order to maintain compatibility with legacy and/or third party systems as well as to obtain the additional confusion and diffusion characteristics of encapsulating the cryptotext multivector (C) coefficients into a single cryptotext numeric data (C) value.
  • process 216 is used to convert the cryptotext multivector (C) into cryptotext numeric data (C), it is necessary for any computing device/system that wishes to operate on the cryptotext multivector (C) to have knowledge of the particular conversion methodology so that computing device/system may properly recreate the cryptotext multivector (C).
  • the destination 204 receives the cryptotext numeric data (C) sent by the source 202.
  • the destination distributes the cryptotext numeric data (C) into the cryptotext multivector (C) using the cryptotext data coefficient distribution algorithm that is known to both the source 202 and the destination 204.
  • process 222 is also omitted as the cryptotext multivector (C) was transmitted directly so there is not a need to convert the cryptotext numeric data (C) back into the cryptotext multivector (C).
  • the destination 204 distributes shared secret numeric value (3 ⁇ 4) into shared secret multivector (S s ) coefficients in the same fashion as was done for the source 202 at process 212.
  • the destination decrypts the cryptotext multivector (C) as a function of at least one Geometric Algebra geometric product operation on the cryptotext multivector (C) and an inverse (S s 1 ) of the shared secret multivector (S s ) back into the message multivector (M).
  • the destination 204 converts the message multivector ( ) into the message numeric data (M) in accord with reverse operation of the message data coefficient distribution algorithm of the source 202 at process 210.
  • the destination 202 converts the numeric message data (M) back into the original alphanumeric text message as a reverse function of the process of the source 202 at step 208 that converted that alphanumeric text to the numeric message data (M) using standard computer character encoding characteristics.
  • Fig. 3 A is a flow chart 300 of the source computing device symmetric key operation for an embodiment.
  • the encryption process 214 of the source 202 of Fig. 2 may further include processes 302-306 to use symmetric shared secret security keys to further enhance the security of an embodiment.
  • the source computing device may generate/extract/obtain a second shared secret key (S S2 ) from the original shared secret multivector (S s ) by performing a 0-Blade Reduction Operation on the original shared secret multivector (S s ) to obtain a scalar numerical value for the second shared secret key (S5 2 ).
  • S Sl the geometric product of the second shared secret key
  • the source computing device distributes the second shared secret key numeric value (5 3 ⁇ 4 ) into second shared secret multivector (3 ⁇ 4 2 ) coefficients where also not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients).
  • second shared secret multivector 3 ⁇ 4 2
  • the source computing device encrypts the cryptotext multivector (C) as a function of Geometric Algebra geometric product operations on the message multivector (M), the shared secret multivector (S s ), and the second shared secret multivector (Ss 2 ).
  • C the cryptotext multivector
  • M the message multivector
  • S s shared secret multivector
  • Ss 2 the second shared secret multivector
  • Fig. 3B is a flow chart 310 of the destination computing device symmetric key operation for an embodiment.
  • the decryption process 226 of the destination 204 of Fig. 2 in conjunction with the operation of the source computing device as described in the disclosure above with respect to Fig. 3 A, may include processes 31 2-316 to use symmetric shared secret security keys to further enhance the security of an embodiment.
  • the destination computing device may independently generate/extract/obtain the second shared secret key (S Sz ) from the original shared secret multivector (S s ) by performing the 0-Blade Reduction Operation on the original shared secret multivector (S s ) to obtain a scalar numerical value for the second shared secret key (S 5z ).
  • S Sz the original shared secret multivector
  • S 5z a scalar numerical value for the second shared secret key
  • the destination computing device also distributes the second shared secret key numeric value (5 Sz ) into the second shared secret multivector (S s ) coefficients.
  • S s second shared secret multivector
  • the destination computing device decrypts the cryptotext multivector (C) as a function of Geometric Algebra geometric product operations on the cryptotext multivector (C), an inverse (S s 1 ) of the original shared secret multivector (S s ), and an inverse ( S ., 1 ) of the second shared secret multivector (S S2 ) back into the message multivector (M).
  • Fig. 4 A is a flow chart 400 of the source computing device symmetric key and cryptotext masking operation for an embodiment. Similar to the disclosure with respect to Fig. 3 A above, the encryption process 214 of the source 202 of Fig. 2 may further include processes 402-406 to use symmetric shared secret security keys to further enhance the security of an embodiment. At process 402, the source computing device may
  • S S2 generate/extract/obtain a second shared secret key (S S2 ) from the original shared secret multivector (S s ) by performing a 0-Blade Reduction Operation on the original shared secret multivector (3 ⁇ 4) to obtain a scalar numerical value for the second shared secret key (S s ).
  • the source computing device distributes the second shared secret key numeric value (S s ) into second shared secret multivector (S s ) coefficients where also not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients).
  • S s second shared secret multivector
  • the source computing device encrypts the cryptotext multivector (C) as a function of Geometric Algebra geometric product operations on the message multivector ( ), the shared secret multivector (S s ), and the second shared secret multivector (S s ).
  • C the cryptotext multivector
  • S s the shared secret multivector
  • S s the shared secret multivector
  • S s the second shared secret multivector
  • the cryptotext multivector (C) is first converted into a pre-cipher cryptotext (C) in accord with reverse operation of a cryptotext data coefficient distribution algorithm that is known to both the source computing device (Fig. 4A) and the destination computing device (Fig. 4B).
  • Fig. 4B is a flow chart 410 of the destination computing device symmetric key and cryptotext masking operation for an embodiment.
  • the destination computing device then distributes the pre-cipher cryptotext numeric data (C) into the cryptotext multivector (C) using the cryptotext data coefficient distribution algorithm that is known to both the source and destination computing devices.
  • the remaining decryption process 226 of the destination 204 of Fig. 2 in conjunction with the operation of the source computing device as described in the disclosure above with respect to Fig. 4A, may include processes 414-418 to use symmetric shared secret security keys to further enhance the security of an embodiment.
  • the destination computing device may independently generate/extract/obtain the second shared secret key (S s? ) from the original shared secret multivector (S s ) by performing the 0-Blade Reduction Operation on the original shared secret multivector (S s ) to obtain a scalar numerical value for the second shared secret key (3 ⁇ 4).
  • the destination computing device also distributes the second shared secret key numeric value (S s ) into the second shared secret multivector (S s ) coefficients.
  • S s second shared secret key numeric value
  • S s second shared secret multivector
  • the destination computing device decrypts the cryptotext multivector (C) as a function of Geometric Algebra geometric product operations on the cryptotext multivector (C), an inverse (S s 1 ) of the original shared secret multivector (S s ), and an inverse (S Sl 1 ) of the second shared secret multivector (3 ⁇ 4 2 ) back into the message multivector (M).
  • a subsystem of the computer system, and/or the source computer system and the destination computer system, that encrypts data, transfers the data, and decrypts the data may be assigned, in whole or in part, to a particular hardware implemented system, such as a dedicated Application Specific Integrated Circuit (ASIC) or Field Programmable Gate Array (FPGA).
  • ASIC Application Specific Integrated Circuit
  • FPGA Field Programmable Gate Array
  • One or more subsystems, in whole or in part, may alternatively be implemented as software or firmware instructions defining the operation of a computer system with specific regard to the one or more subsystems implemented as software or firmware instructions.
  • the software or firmware instructions may cause the Central Processing Unit, memory, and/or other systems of a computer system to operate in particular accordance with the particular one or more subsystems designated features.
  • the disclosure below provides a simplified example of the operations and data relationships during the performance of a fundamental "core" EDCE embodiment.
  • the amount of data, the type of data, and the particular data values shown and described in the example are not meant to represent any particular real system, but are provided only for the purpose of showing the operations and data relationships of an embodiment. Further, the embodiments described below are not meant to restrict operations to particular data types, encryption shared secret key exchange techniques, text to numeric and back conversion techniques, and/or number to multivector coefficient assignment techniques.
  • the various embodiments may be comprised of functional blocks, each of which may be tailored as described according to objectives for scope, capability and security.
  • the following sections provide a mathematical and numerical description of one or more example embodiments of these functional blocks.
  • the numerical results in the examples are generally derived from Geometric Algebra executing in the C programming language. Packing and Unpacking Multivectors
  • each text message needs to be converted to a number in order to become a valid operational unit for all EDCE computations.
  • the numbers are typically shown in base 10, but the various embodiments may choose other number bases as desired by the system designer.
  • a hex (base 16) representation may provide particular advantages when dealing with ASCII numerical representations as standard ASCII has a representation based on the numbers 0- 127 (i.e., 2 7 ), which is one power of two (i.e., hex is 2 s ) less than the typical 8 bits represented by a hex number of xFF.
  • symbols such as the letters a, b, c and so on are represented in order formats (such as binary, decimal, octets, hexadecimal, etc.), which are described in the ASCII printable code chart, a table that presents the relationship between formats. So the letters “a,” “b” and “c” in ASCII decimal code are 97, 98 and 99, respectively.
  • ASCII_array_from_"message [109, 101 , 1 15, 1 15, 97, 103, 101 ]
  • n n * 256 + ascii_array_from_message[i]
  • entropy may be added at this step by performing transformations on the ASCII codes, such as addition or modulo operations, but those entropy adding operations may affect whether intermediary
  • homomorphic operations may properly be performed on the message data as those entropy adding operations may adversely affect the mathematical relationship to the original message values. No such entropy adding transformations are used in the examples that follow.
  • a base 10 number is transmitted and received. From the above example of a message multivector, the coefficients are concatenated to form a number string.
  • the "number to text" conversion process for this number string also uses the ASCII printable code chart, but the recovery routine is different from the "text to number” conversion. The procedure is described below:
  • the input number is 30792318992869221.
  • n 30792318992869221
  • any number in base 10 may be a coefficient of a multivector element.
  • a multivector may contain arbitrary data, or data that is a result of a series of operations.
  • a base 10 number may also be represented in multivector form by distributing pieces of this number string to the coefficients in the multivector.
  • Multi vectors that are 2D have 4 elements/coefficients available to pack with pieces of this number string, a 3D multivector has 8 elements, and 4D has 16.
  • EDCE has been
  • A a 0 + a x e x + a 2 e 2 + a 3 e 3 + a 4 e 4 + a 12 e 12 + 13 e 13 + a 14 e 14 + a 23 e 23 + a 24 e 24
  • this string may be a single coefficient of, say, a 2D multivector, as follows:
  • EDCE has been demonstrated where the number string distributed to an element of the multivector exceeds 4,000 digits. However, the base 10 number in our example will typically be "distributed" in an ad hoc manner across all the multivector elements, such as:
  • the above distribution is called “number to multivector.”
  • the method of distributing the number string may be according to any of a variety of algorithms as long as the method is known and used by both the sending and receiving entities.
  • the distribution algorithm may include shuffling of the assignments to elements, performing functional operations on numbers assigned to elements or changing the algorithm between messages in a conversation. More operations increase encryption entropy.
  • shuffling and other algorithms to increase cryptographic confusion may break the potential for
  • the distributing/packing method defines, among many things, the Geometric Algebra operations permissible for EDGE and/or EDCHE embodiments. For example, the
  • One means to ensure that the cryptotext multivector being decrypted does not have all equal value coefficients is to have the packing/coefficient distribution method ensure that not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients) when creating the shared security multivector(s) and the data message multivectors. For an embodiment of the EDCE that simply transfers the data message, this will ensure that the cryptotext multivector to be decrypted will not have all equivalent coefficients.
  • the same packing/coefficient distribution method to ensure that the source message multivectors do not have all equivalent coefficients will minimize the potential for the cryptotext multivector being decrypted from having all equivalent coefficients, but, when various addition and subtraction operations are performed with multiple distinctly different cryptotext multivectors, there is a remote possibility that the cryptotext multivector result of the homomorphic operations will have all equivalent coefficients.
  • the destination computing device may simply assert that such a result cryptotext multivector is "undefined," or, the destination or intermediary computing system may provide a means to update the result cryptotext multivector so the result cryptotext multivector does not have all equivalent coefficients. Great care should be taken to ensure that such an update of the result cryptotext multivector does not change the ultimate value of the result plaintext value of the result cryptotext multivector after decryption.
  • One such relationship for packing the coefficients of the multivector that preserves homomorphic properties is to ensure that the coefficients of the multivector representation of the plaintext numeric message follow a mathematical data organization between the value of the plaintext numeric message and at least one of the values of the coefficients of the multivector representation of the plaintext numeric message where the mathematical operations incorporating the one or more values of the multivector coefficients have a result equal to the original plaintext numeric message value.
  • the mathematical relationship may include: addition of at least one coefficient of the multivector coefficients, subtraction of at least one coefficient of the multivector coefficients, addition of a constant value, subtraction of a constant value, multiplication of at least one coefficient of the multivector coefficients by a constant value, and division of at least one coefficient of the multivector coefficients by a constant value.
  • the location of the various mathematical operations relative to the particular locations of the coefficients in the multivector representation should also be consistently applied to all source numeric data messages converted to a multivector as well as for result multivectors converted to a result numeric data value in a particular encryption/decryption pathway.
  • the number may be sent using a numeric variable representation such as an integer or floating point data type.
  • an embodiment may also simply skip the step of converting the multivector (C) into cryptotext numeric data (C), and directly send a representation of the cryptotext multivector ( ) without first converting the cryptotext multivector (C) into cryptotext numeric data (C).
  • the transmission may be implemented as a series of transfers of the coefficients or as some form of records/packets that define a data stracture that carries the coefficient data of the cryptotext multivector (C).
  • C cryptotext multivector
  • C cryptotext numeric data
  • C cryptotext numeric data
  • a "Shared Secret” is a fundamental element in cryptography.
  • a Shared Secret enables secure communication between two or more parties.
  • the Shared Secret is a number string of digits that may be packed into a multivector in the manner shown above.
  • the "Shared Secret Multivector” may be used to operate on other muitivectors, such as creating the geometric product of the Shared Secret Multivector and the message multivector.
  • the Diffie-Hellman protocol uses the multiplicative group of integers modulo p (see, for example,
  • Bob chooses a secret integer b (Bob's password) and creates his signature S° as
  • Diffie-Hellman protocol is not limited to negotiating a key shared by only two participants. Any number of users can take part in the agreement by performing iterations of the protocol and exchanging intermediate data.
  • the cryptotext is created using the EDCE primitive which is the geometric product of the Message multivector and one or more other multivectors.
  • the cryptotext multivector may be the geometric product of the Message multivector and the Shared Secret Multivector.
  • the cryptotext multivector can be defined as the geometric product:
  • C In order to be transmitted, as a payload, C now may be converted to a base 10 number, through the "multivector to number" conversion process described above.
  • the Geometric Product of the Message Multivector may be taken with more than one other multivector or by using the same multivector twice to form a sandwich or by the addition of left and right multivector operations on the same Shared Secret Multivector.
  • Cryptotext Multivector there are several alternative methods to construct the Cryptotext Multivector.
  • One alternative is to encrypt the plaintext message using a conventional symmetric cipher such as AES, converting the number string output of that cipher to multivector format and use this multivector in calculating the geometric product with S s , which yields C.
  • AES symmetric cipher
  • This alternative may be practiced during the transition to EDGE within the enterprise to preserve backward compatibility with legacy encryption systems. Decryption
  • Fig. 5 is a flow chart 500 of an embodiment for the core Enhanced Data-Centric Encryption (EDGE) encryption/decryption performed by using a geometric product
  • EDGE Enhanced Data-Centric Encryption
  • Setup (502) The sequence is initiated by establishing the signature and shared secret multivectors.
  • the Diffie-Hellman procedure 508 is shown but other asymmetric key ciphers such as RSA may be used to generate a number string known only to the source 504 and the destination 506.
  • end-point devices may be "pre-conditioned" with a secret (number string) known to the system administrator from which the session multivectors may be constructed.
  • the Diffie-Hillman procedure 508 sets up/creates the shared secret keys 510 and then the setup 502 creates multivectors of the Diffie-Hillman keys 510 in the multivector setup 512.
  • Source (504) The Message Multivector 516 is constructed at the create message operation 514 by concatenating the message ASCII code string to a number string and then distributing that number to the coefficients of the message multivector at 514.
  • the method of distributing to coefficients uses a prescribed algorithm known and used by both the source 504 and the destination 506.
  • the Message Multivector 516 is then encrypted 518 by computing the geometric product of the message and Shared Secret multivectors.
  • the coefficients of the Cryptotext Multivector 520 are then concatenated into a base 10 number string, C (524), and transmitted through a user-defined dispatch function 526 over an electronic network/bus communication channel 528.
  • Destination (506): C (532) is received through a user-defined operation 530 and converted back to the Cryptotext Multivector 536 using the prescribed distribution method 534.
  • the Message Multivector 540 is then converted to a number string and then to plaintext at 542.
  • FIG. 6 is a flow chart 600 of an embodiment for the EDCE
  • Setup (602) The sequence is initiated by establishing the signature and shared secret multivectors.
  • the Diffie-Hellman procedure 608 is shown but other asymmetric key ciphers such as RSA may be used to generate a number string known only to the source 604 and the destination 606.
  • end-point devices may be "pre-conditioned" with a secret (number string) known to the system administrator from which the session multivectors may be constructed.
  • the Diffie-Hillman procedure 608 sets up/creates the shared secret keys 610 and then the setup 602 creates multivectors 612 of the Diffie-Hillman keys in the multivector setup 612.
  • Source (604) The Message Multivector 616 is constructed at the create message operation 614 by concatenating the message ASCI I code string to a number string and then distributing that number to the coefficients of the message multivector at 614.
  • the method of distributing to coefficients uses a prescribed algorithm known and used by both the source 604 and the destination 606.
  • the Message Multivector 616 is then encrypted 618 by computing the geometric product of the message and Shared Secret multivectors.
  • the coefficients of the Cryptotext Multivector 620 are then concatenated into a base 10 number string, C (624), and transmitted through a user-defined dispatch function 626 over an electronic network/bus communication channel 628.
  • Destination (606) C (632) is received through a user-defined operation 630 and converted back to the Cryptotcxt Multivector 636 using the prescribed distribution method 634.
  • a pair o symmetric shared secret keys may be used instead of a single shared secret key.
  • the original shared secret numeric value S s which may be obtained from a key exchange procedure, such as, but not limited to, the Diffie-Hellman key exchange process, may be used as the first shared secret numeric key of the pair of symmetric shared secret keys;
  • the original shared secret numeric key (S s ) may be loaded into a multivector representation, which may be denoted as (S s ).
  • a 0- Blade Reduction Operation on the original shared secret multivector (S s ) may be performed in order to extract/generate/obtain a scalar value that is the second shared secret numeric key (S Sl );
  • the scalar that results from 0-Blade Reduction Operation which has been defined as (Ss 2 ), may be loaded into a multivector through another multivector coefficient distribution operation with the resulting multivector being the second shared secret multivector (3 ⁇ 4 2 ).
  • Fig. 7 is a block diagram 700 illustrating generating/extracting/obtaining a second shared secret multivector key (3 ⁇ 4 2 ) 712 from the original shared secret multivector (S s ) 704 for an embodiment.
  • the original shared secret multivector (S s ) 704 may be used to encrypt and decrypt data as the first shared secret multivector key of a pair of symmetric shared secret multivector keys.
  • the 0-Blade Reduction Operation 706 results in the scalar value of the second shared secret numeric key (S S2 ) 708.
  • a number to multivector coefficient distribution process 710 converts the second shared secret numeric key (S s ) into a second shared secret multivector ( y 2 ) 712.
  • the second shared secret multivector (3 ⁇ 4 2 ) may then be used to encrypt and decrypt data as the second shared secret multivector key of a pair of symmetric shared secret multivector keys.
  • the first encryption primitive can be created through a sequence of geometric products using the pair of keys generated via the 0-Blade Reduction Operation (described herein, above) as follows:
  • the decryption operation involves the closed-form solution of the Sylvester's equation for 3-dimensional multivector space as follows:
  • a multivector may act as a Geometric Algebra object such that components of multi-dimensions and Clifford k-vectors are present.
  • An example is:
  • a typical, but not the only, arithmetic function used for secret sharing is the Diffie-Hcllman function, which is based on cyclic groups with element g; for example:
  • S s g ab mod p
  • S s is a shared secret which can be used by both the source and destination sides and where the operation g' ll) mod p yields S s . This is standard in the cyber security field.
  • the shared secret S s is changed to a multivector in the same or a similar manner, such as:
  • the multi vector-based Sylvester's equation may be used to create a cipher.
  • the cryptotext multivector C is:
  • the first encryption primitive may be created through a sequence of geometric products using the pair of keys generated via the 0-Blade Reduction Operation (described above) as follows:
  • the decryption process may comprise the following steps:
  • the multivector based Sylvester's equation may be employed here to generate a second encryption primitive which also uses the pair of symmetric shared secret keys generated via the 0- Blade Reduction Operation (described above), as follows:
  • the cipher multivector C which is a result of the multivector based Sylvester's equation above, is converted into a number, denoted by C and defined as a pre-cipher. This number is the information to be sent from the source computing device to the destination computing device.
  • the decryption operation involves the closed-form solution of the multivector based Sylvester's equation for 3-dimensional multivector space and the XOR 'unmask' previously described for the "sandwich" / triple product above.
  • the summarized processes are given below:
  • Section 3 Homomorphic EDCHE Enhancements to EDGE Operation
  • EDCHE is an extension to the EDGE cryptosystem described in more detail in Sections 1 and 2 above.
  • the extension to support homomorphic operations requires additional considerations, particularly in the organization of the data message multivector coefficients, but, for the most part, the extension to support homomorphic operations relies on the intrinsic algebraic homomorphism of the Geometric Algebra foundation that are part of the encryption/decryption functions of the core EDGE.
  • the Geometric Algebra geometric product operations that perform the actual encryption and decryption operations remain the same for both EDGE and EDCHE embodiments.
  • the handling of the security keys also remains the same for both EDGE and EDCHE embodiments, including the data organization for "number to multivector" operations and any restrictions thereon.
  • any operations to convert text to a number and/or operations to convert a number also remain the same for both EDGE and EDCHE embodiments.
  • the choice of whether or not to convert a cryptotext multivector (C) into cryptotext numeric data (C) prior to transmitting the encrypted data to a destination system (or to an intermediary system along the path to the final destination) remains the same for both EDCE and EDCHE embodiments and the processes to convert between cryptotext multivector (C) and cryptotext numeric data (C) also remain the same between EDCE and EDCHE, except there may be some restrictions on the types of permissible operations allowed for EDCHE embodiments to ensure that an intermediary computing system operating on the encrypted data does not need knowledge of any security keys involved in the encryption/decryption process.
  • the EDCHE embodiments add further restrictions that the data organization preserves homomorphic properties (i.e., have a homomorphic preserving mathematical relationship between the vectors utilized in the encryption process and the original plaintext messages being encrypted).
  • an EDCHE embodiment simply adds restrictions to an EDCE system regarding data organization operations for the multivector representation of the data being encrypted as well as to conversions between a cryptotext multivector (C) and a cryptotext numeric data (C)
  • EDCH embodiments being a subset of EDCE embodiments may operate as EDCE embodiments, but EDCE embodiments may not all necessarily operate as EDCHE embodiments.
  • Potential homomorphic encryption operations for an EDCHE embodiment may include multiple operations, such as, but not limited to: encrypted addition/subtraction, scalar addition/subtraction, encrypted multiplication, scalar multiplication, encrypted searching, and encrypted sorting.
  • Each of the potential homomorphic encryption operations involves operations particular to the particular operation. For this reason, separate disclosures for each particular operation may be presented to so as to make the clear the specific details comprising the implementation of each particular operation.
  • An additional document that briefly presents the combination of the potential homomorphic operations may also be separately presented that provides a brief summary of each operation and provides the additional details for performing combinations of the potential encryption operations. In view of potential disclosures, this particular disclosure is intended to address the specific details that comprise the particular details of additive homomorphic encryption operations.
  • EDCHE The description of EDCHE below will typically use the term “source” for the entity (e.g., computing device/system) where numeric values that are operands of the additive homomorphic operation originate and “destination” for the entity (e.g., computing device/system) that receives the result of the additive homomorphic operation.
  • source for the entity (e.g., computing device/system) where numeric values that are operands of the additive homomorphic operation originate
  • destination the entity (e.g., computing device/system) that receives the result of the additive homomorphic operation.
  • intermediarry will typically define the “intermediate” entity acting in between the source(s) and destination on the encrypted numeric value operands originated at the source entity(ies).
  • client may be used to describe the owner of the operand and/or result data (i.e., the source and/or destination computing device/system), while the generic term “cloud” may be used for data that is at rest in an untrusted environment (i.e., the intermediary computing system/device).
  • client and cloud may more closely reflect a real world application where the source and destination are the same entity, sending data to the intermediary "cloud” for storage, then requesting an operation (e.g., a sum of stored transaction dollar amounts stored in encrypted format on the cloud) from the cloud when needed by the client.
  • source, destination, and intermediary reflect the relative operations being performed by computing system/device, and do not necessarily define the computing system/device as whole.
  • the source, destination, and intermediary operations/systems may reside as a particular application on one or more computing systems/devices.
  • the source, destination, and intermediary computing systems/devices may be general purpose computing systems capable of running multiple applications at the same time, it is inherently possible that the source, destination, and intermediary operations are encapsulated as separate applications/functions that may permit, one, two, or all of the separate applications/functions to run on a single computing device/system.
  • a single interconnected computer system of single owner/client may have untrusted environments that include data that i at rest (i.e., stored) in the owner/client's own end-point devices outside of the owner/client's digital secure perimeter.
  • homomorphism refers to a structure-preserving map between two algebraic structures, such as groups, rings, or vector spaces.
  • An algebra homomorphism between two algebras is one that preserves the algebra structure.
  • the method by which numbers are "packed" (i.e., distributed) into multivector coefficient elements should necessarily maintain some mathematical representation of the original number. Consequently, the packing/distribution method may define, among many things, the Geometric Algebra operations permissible for an EDCFIE embodiment. For example, the Rationalize operation on multivectors yields zero when all multivector coefficients are equal.
  • Such multivectors having all equal coefficients have no inverse and the geometric product of such multivectors having all equal coefficients with another multivector has no inverse.
  • the decryption methodology for EDGE and EDCHE systems utilize the inverse of the cryptotext multivector being decrypted and of the security key(s) multivector to perform the decryption. Therefore, the cryptotext multivector being decrypted should not have all equal value coefficients.
  • One means to ensure that the cryptotext multivector being decrypted does not have all equal value coefficients is to have the packing/coefficient distribution method ensure that not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients) when creating the shared security multivector(s) and the data message multivectors. For an embodiment of the EDGE that simply transfers the data message, this will ensure that the cryptotext multivector to be decrypted will not have all equivalent coefficients.
  • the same packing/coefficient distribution method to ensure that the source message multivectors do not have all equivalent coefficients will minimize the potential for the cryptotext multivector being decrypted from having all equivalent coefficients, but, when various addition and subtraction operations are performed with multiple distinctly different cryptotext multivectors, there is a remote possibility that the cryptotext multivector result of the homomorphic operations will have all equivalent coefficients.
  • the destination computing device may simply assert that such a result cryptotext multivector is "undefined," or, the destination or intermediary computing system may provide a means to update the result cryptotext multivector so the result cryptotext multivector does not have all equivalent coefficients. Great care should be taken to ensure that such an update of the result cryptotext multivector does not change the ultimate value of the result plaintext value of the result cryptotext multivector after decryption.
  • the methods and systems that encrypt and decrypt messages using Geometric Algebra may utilize the intrinsic algebraic homomorphic properties of Geometric Algebra to permit arithmetic and other comparative operations on encrypted messages handled by an intermediary computing system without the need for the intermediary computing system to decrypt the encrypted messages prior to performing the arithmetic and other comparative operations. Accordingly, the intermediary computing system does not need to know any information regarding any of the secret security keys of the encryption/decryption processes to properly perform the arithmetic and other comparative operations.
  • the encrypted results of the arithmetic and other comparative operations performed by the intermediary computing system when decrypted at a destination computing device, produce results equivalent to the same operations as if the operations were performed on the unencrypted plain text messages.
  • a proper data organization methodology i.e., packing/distributing coefficients into a multivector
  • preserves such homomorphic properties i.e., the mathematical relationship between the vectors utilized in the encryption process and the original plaintext messages being encrypted
  • the distribution/packing data arrangement should also preserve a commutative mathematical relationship to the original numeric value being encrypted.
  • the method by which numbers are "packed" into mul ti vector elements must remain a representation of the original number.
  • One such relationship for packing the coefficients of the multivector that preserves homomorphic properties is to ensure that the coefficients of the multivector representation of the plaintext numeric message follow a mathematical data organization between the value of the plaintext numeric message and at least one of the values of the coefficients of the multivector representation of the plaintext numeric message where the mathematical operations incorporating the one or more values of the multivector coefficients have a result equal to the original plaintext numeric message value (i.e., the homomorphic preserving mathematical relationship).
  • the mathematical relationship may include: addition of at least one coefficient of the multivector coefficients, subtraction of at least one coefficient of the multivector coefficients, addition of a constant value, subtraction of a constant value, multiplication of at least one coefficient o the multivector coef ficients by a constant value, and division of at least one coefficient of the multivector coefficients by a constant value.
  • the location of the various mathematical operations relative to the particular locations of the coefficients in the multivector representation should also be consistently applied to all source numeric data messages converted to a multivector as well as for result multivectors converted to a result numeric data value in a particular encryption/decryption pathway.
  • an embodiment of an EDCHE system provides a cryptosystem that allows unlimited multiplications and additions of cipher text (i.e., transmitted/stored encrypted messages at the intermediary/cloud computer system) due solely to the intrinsic algebraic homomorphic properties of an embodiment of the EDCHE system.
  • an embodiment of an EDCHE system may provide the homomorphic properties as a product of algebraic homomorphism without the need to use additional methods, such as "bootstrapping" (e.g., performing a recursive operation to reduce the noise associated with a cipher text) to achieve the homomorphic properties.
  • bootsstrapping e.g., performing a recursive operation to reduce the noise associated with a cipher text
  • homomorphism refers to a structure-preserving map between two algebraic staictures, such as groups, rings, or vector spaces.
  • An algebra homomorphism between two algebras is one that preserves the algebra structure.
  • the method by which numbers are "packed" into multivector elements must remain a representation of the original number.
  • One such relationship for packing the coefficients of the multivector that preserves homomorphic properties is to ensure that the coefficients of the multivector representation of the plaintext numeric message follow a mathematical data organization between the value of the plaintext numeric message and at least one of the values of the coefficients of the multivector representation of the plaintext numeric message where the mathematical operations incorporating the one or more values of the multivector coefficients have a result equal to the original plaintext numeric message value.
  • the mathematical relationship may include: addition of at least one coefficient of the multivector coefficients, subtraction of at least one coefficient of the multivector coefficients, addition of a constant value, subtraction of a constant value, multiplication of at least one coefficient of the multivector coefficients by a constant value, and division of at least one coefficient of the multivector coefficients by a constant value.
  • the location of the various mathematical operations relative to the particular locations of the coefficients in the multivector representation should also be consistently applied to all source numeric data messages converted to a multivector as well as for result multivectors converted to a result numeric data value in a particular encryption/decryption pathway.
  • a homomorphic preserving mathematical relationship that includes both addition and subtraction operations might be, for a three dimensional multivector there are eight possible coefficients in the multivector representation (e.g., co, ci, c 2 , c?, cn, en, C23, and cm, numbered so as to correspond with the unit vector associated with each coefficient), if the coefficients for the ei and ei 2 unit vectors (i.e., C2 and C12) are subtracted in the calculation of the homomorphic preserving mathematical relationship for a first numeric data message conversion to a multivector, all other numeric messages converted to a message vector should also ensure that the C2 and c/2 coefficients are subtracted in the conversion homomorphic preserving mathematical relationship process.
  • the coefficients for the ei and ei 2 unit vectors i.e., C2 and C12
  • the homomorphic preserving mathematical relationship process should also retain the subtraction of the C2 and cn coefficients.
  • the actual values of the coefficients may be selected as desired by a user so long as the homomorphic preserving mathematical relationship equals the original numeric value being encrypted.
  • the only other restriction for multivectors representing different numeric values within a homomorphic operation is that the multivectors all share the same dimensionality (i.e., all multivectors are 2D, all multivectors are 3D, all multivectors 4D, etc.).
  • the first step in representing a numeric message value in a multivector is to define the number of coefficients that are present in the multivector.
  • the total number of coefficient elements to be determined is eight.
  • the coefficient selections may encompass any number that may be represented in the data type chosen by a system designer to hold the coefficient values, including, but not limited to: positive numbers, negative numbers, zero, integer numbers, rational numbers (including fractions), and/or real numbers.
  • Subtractions would be represented as negative coefficients. This "form" of the mul ti vector coefficients adding together would remain consistent regardless of whether or not the corresponding coefficient is added or subtracted in the homomorphic preserving mathematical relationship between the original numeric value and the coefficients of the representative multivector.
  • the EDCHE embodiment performs the homomorphic preserving mathematical relationship process such that all coefficients are added together and there are not any coefficients that are subtracted.
  • a first step might be to factorize the numeric message N and write the value N as a sum of other numbers (c,) that are to represent the numeric message value in a message multivector such that:
  • One skilled in the art will recognize that at this point there are many ways to assign the coefficient values (a) that will satisfy the homomorphic preserving mathematical relationship equation to enable proper operat ion of an EDCHE embodiment.
  • N mod n i.e., 5487 mod 8
  • C123 last coefficient value
  • N CO + Cl + C2 + Cj + Cl2 + C13 + C23 + CI 23
  • multivector N co + ci ei + ci Qi + a e3 + cn e. ⁇ i + cn en + C2i &2i + cm em
  • the assignment of which coefficient value receives the addition of the N mod n operation may be random, or the assignment may be of a predetermined form designed to increase entropy to enhance the encryption security.
  • N CO + Cl + C2 + C3 + C12 + C]3 + C23 + C123
  • multivector N co + cj e ⁇ + 02 e ⁇ + e + cn en + cn ei + cn e23 + m ei 2
  • multivector N 368 + 368e, + 368e 2 + 368e 3 + 368e i2 + 367e i 3 + 369e 23 + 368ei 23 Second example:
  • the EDCHE embodiment performs the homomorphic preserving mathematical relationship process such that all coefficients are added together and there are not any coefficients that are subtracted.
  • the homomorphic preserving mathematical relationship equation to represent the numeric value N would, again, be:
  • N CO + Cl + C2 + Ci + /2 + CI3 + C23 + CJ23
  • N CO + Cl + C2 + C3 + CJ2 + C13 + C23 + C123
  • the homomorphic preserving mathematical relationship equation that is set equal to the numeric value N may be defined to include some subtraction of some coefficients, addition of a constant value, and multiplication of coefficient values by a constant, as well as the omission of one of the coefficients (i.e., C123) from the homomorphic preserving mathematical relationship.
  • the homomorphic preserving mathematical relationship equation to represent the numeric value N might now be:
  • N C0 + C] - C2 + C3 - CI2 + 3 * CIS + C23 + 23
  • a modified version of the methodology of either the first example (use a mathematical equation to calculate the coefficient values) or the second example (randomly generated coefficient values) described above may be used to determine the coefficient values given that the homomorphic preserving mathematical relationship now subtracts some coefficients, adds a constant, multiplies a coefficient by a constant, and omits one coefficient from the homomorphic preserving mathematical relationship altogether.
  • the homomorphic preserving mathematical relationship now subtracts some coefficients, adds a constant, multiplies a coefficient by a constant, and omits one coefficient from the homomorphic preserving mathematical relationship altogether.
  • N C0 + Cl - C2 + C3 - C12 + 3 * CJ3 + C23 + 23
  • multivector N 901 + 985ei + 185e 2 - 584e 3 + 286ej 2 + 882ei 3 + 1987e 23 + 333ei 23
  • cm value of 333 is a dummy value not included in the homomorphic preserving mathematical relationship, but may potentially be used to provide other features such as signature capability and/or passing of command or other information.
  • a homomorphic preserving mathematical relationship that includes some subtractive elements has the advantage of being able to represent negative numbers and zero without the coefficient values being negative for a user that prefers to not have negative coefficient values.
  • numeric value from the coefficients of a numeric data message multivector is relatively simple and straight forward.
  • To obtain the numeric data message value simply perform the homomorphic preserving mathematical relationship equation for the numeric data message multivector using the values of the multivector coefficients plugged into the homomorphic preserving mathematical relationship equation.
  • the examples given below provide the "multivector to number” process appropriate for the same example number as described above for the "number to multivector" process.
  • homomorphic preserving mathematical relationship process such that all coefficients are added together and there are not any coefficients that are subtracted.
  • the homomorphic preserving mathematical relationship equation to represent the result numeric value N would be:
  • N CO + C] + C2 + C3 + C12 + Cl3 + C23 + C 123
  • multivector N co + cj ei + o e 2 + cj e 3 + cn tn + c/j ei 3 + cu e 2 + c/25 ei 23 then the result multivector may be rewritten to highlight the appropriate positive and negative values as:
  • N C0 + C] + C2 + C3 + C12 + C13 + C23 + m
  • N (333) + (-201 ) + (248) + (506) + (-71 ) + (80) + (21 1 ) + (-743)
  • N 333 - 201 + 248 + 506 - 71 + 80 + 21 1 - 743 such that result numeric value N would be:
  • the EDO IE embodiment performed the homomorphic preserving mathematical relationship process such that all coefficients are added together and there are not any coefficients that are subtracted, which is the same homomorphic preserving mathematical relationship equation as for the first example above. Consequently, the "multi vector to number” process is identical to that as described for the "multivector to number” process of the first example given above.
  • the EDCHE embodiment performed the homomorphic preserving mathematical relationship process such that all coefficients are added together and there are not any coefficients that are subtracted.
  • the third example from above changed the homomorphic preserving mathematical relationship equation to include some subtraction of some coefficients, addition of a constant value, and multiplication of coefficient values by a constant, as well as the omission of one of the coefficients (i.e., a 23) from the homomorphic preserving mathematical relationship.
  • multivector N CO + Cl - C2 + C3 - C12 + 3 * C13 + C23 + 23
  • N 1947 where the C123 value of 192 is ignored as a dummy value not included in the homomorphic preserving mathematical relationship. Note that the third example result of 1947 does not equal the first example result of 3316 for the same result multivector. Thus, demonstrating the necessity of using the same homomorphic preserving mathematical relationship equation for all encrypted multivectors of a homomorphic summation operation.
  • N C() + Cj - C2 + C3 - CI2 + 3* C]3 + C23 + 23
  • is the encryption operation.
  • the unencrypted "sum” of plaintext messages is equal to the comparable encrypted "sum” of the encrypted messages the operation is additive homomorphic.
  • the term "sum” for additive homomorphic operations includes both addition and subtraction operations.
  • the plaintext messages and the corresponding encrypted messages should be added and subtracted in a comparable manner so that corresponding entities are similarly added or subtracted in the "sum” operation.
  • D j 1250 + 1250e, + 1250e 2 + 1250e 3 + 1250e 12 + 1250e 13 + 1250e 23 + 1250e 123
  • D 2 687 + 687*? ! + 687e, + 687e 3 + 687e 12 + 687e 13 + 687e 23 + 691e 123
  • D 3 875 + 875 ⁇ + 875e 2 + 875e 3 + 875e 12 + 875e 13 + 875e 23 + 875e 123 [0203] Given the following secret multivectors (where S 2 is derived from S 1 as in Section 2(F))
  • Si 3 + 2e x + 4e 2 + 8e 3 + 5e 12 + 7e 13 + 3e 23 -I- 6e 123 S 2 - 11 + Se- ! + 3e 2 + 15e 3 + 4e 12 + 17e 13 + 2e 23 + le 123
  • CD 3 3 ⁇ 43 ⁇ 43 ⁇ 4 which will generate:
  • CD l -155000 - 125000e v + 600000e 2 - 305000e 3 + 670000e 12 - 285000e 13
  • CD 2 -85612 - 68900e t + 330136e 2 - 168380e 3 + 368640e 12 - 157332e 13
  • ⁇ CD - 108500 + -87500 ⁇ -I- 420000e 2 - 213500e 3 + 469000e 12 - 199500e 13
  • CD 1 , CD 2 and CD 3 are sent to the cloud and stored.
  • Alice may request that the cloud (i.e., intermediary computing system) perform the following computation and return the result to Alice (i.e., Alice' s computing system acting as both all sources of data inputs and the destination that receives the calculation result).
  • TCD represent the sum of the debt amounts calculated on the encrypted data, such that:
  • TCD CD 1 + CD 2 + CD 3
  • TCD -349112 - 281400 ⁇ + 1350136e 2 - 686880e 3 + 1507640c, 2 - 641832c,
  • the cloud sends TCD to Alice.
  • TCD the multivector sum of the total debts
  • TD 2812 + 2812(3! + 2812e 2 + 2812e 3 + 2812e 12 + 2812e 13 + 2812e 23 + 2812e 123 Converting TD to a base 10 number yields:
  • P x 75 + 375e, -I- 375e 2 + 375e 3 + 375e 12 + 375e 13 + 375e 23 + 375e 123
  • P 2 500 + 500e, + 500e 2 + 500e 3 + 500e 12 + 500e 13 + 500e 23 + 500e 123
  • P 3 1250 + 1250 ⁇ ! + 1250e 2 + 1250e 3 -I- 1250e 12 + 1250e 13 + 1250e 23 + 1250e 123
  • the payments may be encrypted by applying the triple product technique as follows:
  • CP 2 -62000 - 50000e x + 240000e 2 - 122000e 3 + 268000e 12 - 114000e 13
  • CP After encryption, CP, . CP 2 and CP are sent to the cloud and stored. Again, if Alice wants to know the total of payments the cloud performs the following operation on the encrypted data:
  • TCP CP X + CP 2 + CP 3
  • TCP -263500 - 212500 ⁇ + 1020000e 2 - 518500e 3 + 1139000e 12 - 484500e 13
  • TCP is the sum of the total payments calculated on the encrypted data.
  • the cloud sends TCP to Alice.
  • Alice then decrypts the received information as follows:
  • TP 2125 + 21256 ! + 2125e 2 + 2125e 3 + 2125e 12 + 2125e 13 + 2125e 23 + 2125e 123
  • TP is the decrypted value of the total payments.
  • UB her updated balance
  • JjB 687 + 687e, + 687e 2 + 687e 3 + 687e 12 + 687e 13 + 687e 23 + 687e r
  • real numbers i.e., decimal numbers, which are typically handled by some type of floating point, or fixed point, data type variable in most computer programming languages
  • decimal numbers may be used to represent any of the various aspects of the encryption/decryption process for an EDCHE (as well as for an EDGE) embodiment, including decimal numbers for the numeric data message input, the coefficients of the various multivectors, and/or the result value of a homomorphic additive (i.e., summation) operation, as described in the example below.
  • CA -16777187.823 - 16761519.345c, + 7557035.187e 2 - 16760680.515c 3
  • CD -23954683.206 - 23935204.026 ⁇ ! + 22950544.194e 2 - 23928426.81e 3
  • Fig. 8 is a block diagram 800 of the hardware implementation for an additive homomorphic encryption embodiment.
  • One or more source computing devices 802 are connected over an electronic network/bus connection 804 to an intermediary (e.g., cloud) computing device 806.
  • the source computing device(s) 102 sends the two or more cryptotext multivectors 810 that will "summed" through the additive homomorphism of an EDCHE embodiment at the intermediary computing system 806 over the network/bus connection 104 to the intermediary computing system 806.
  • the two or more cryptotext multivectors 810 may be created on a single source computing device 802 or the two or more cryptotext multivectors 810 may be created on multiple source computing devices 802.
  • the intermediary computing system 806 receives the two or more cryptotext multivectors 810 from the network/bus connection 804.
  • the intermediary computing system 806 may immediately perform a "sum" of the two or more cryptotext multivectors 810 using vector addition/subtraction (as instructed by a user) or the intermediary computing system 806 may store the two or more cryptotext multivectors 810 until such time that the intermediary computing system 806 is instnicted to perform the homomorphic sum operation.
  • the intermediary computing system sends the encrypted homomorphic sum additive result multitvector 812 to the destination computing system 808 over the network/bus communication connection 804.
  • the destination computing system 808 receives the encrypted homomorphic sum additive result multivector 812 from the network/bus communication connection 804 and decrypts the encrypted homomorphic sum additive result multivector 812 to obtain the desired plaintext additive result.
  • the cryptotext multivectors 810 may be converted to non-multivector cryptotext when being sent over the network/bus communication connection 804, then converted back into cryptotext multivectors at the intermediary computing system 806 for additive homomorphic operations.
  • the encrypted homomorphic sum additive result multivectors 812 may be converted to non- multivector additive result cryptotext when being sent over the network/bus communication connection 804, then converted back into the encrypted homomorphic sum additive result multivector 81 2 at the destination computing device 808 for decryption by the destination computing device 808 into the plaintext additive result.
  • communications are bidirectional such that the source(s) computing device 802, the intermediary computing system 806, and/or the destination computing device 808 may change roles so as to operate as a source computing device 802, the intermediary computing system 806, and/or the destination computing device 808 as is necessary to accommodate the transfer of data back and forth between the source(s) 102 and destination 808 computing devices as well as for computation of homomorphic summations at the intermediary computing system 806.
  • the source(s) computing device 102 appears to be a laptop computer and the destination computing device 808 appears to be a tablet device.
  • any computing device capable of communication over any form of electronic network or bus communication platform 804 may be one, multiple or all of the source(s) computing device 802, the intermediary computing system 806, and/or the destination computing device. Further still, the source(s) 802, intermediary 806, and destination computing devices/systems 808 may actually be the same physical computing device communicating over an internal bus connection 804 with itself, but still desiring encrypted communication to ensure that an attacker cannot monitor the internal communications bus 804 or hack an unprotected area of the computing system (i.e., the intermediary section 806) in order to obtain sensitive data communications in an unencrypted format.
  • Various embodiments may implement the network/bus communications channel 804 using any communications channel 804 capable of transferring electronic data between the source(s) 802, intermediary 806, and/or destination 808 computing devices/systems.
  • the network/bus communication connection 804 may be an Internet connection routed over one or more different communications channels during transmission from the source(s) 802 to the intermediary 806 computing system, and then onto the destination computing device 808.
  • the network/bus communication connection 804 may be an internal communications bus of a computing device, or even the internal bus of a processing or memory storage Integrated Circuit (IC) chip, such as a memory chip or a Central Processing Unit (CPU) chip.
  • IC Integrated Circuit
  • the network/bus communication channel 804 may utilize any medium capable of transmitting electronic data communications, including, but not limited to: wired communications, wireless electro-magnetic communications, fiber-optic cable communications, light/laser communications, sonic/sound communications, etc., and any combination thereof of the various communication channels.
  • the various embodiments may provide the control and management functions detailed herein via an application operating on the source(s) 802, intermediary 806, and/or destination 808 computing devices/systems.
  • the source(s) 802, intermediary 806, and/or destination 808 computing devices/systems may each be a computer or computer system, or any other electronic devices device capable of performing the communications and computations of an embodiment.
  • the source(s) 802, intermediary 806, and/or destination 808 computing devices/systems may include, but are not limited to: a general purpose computer, a laptop/portable computer, a tablet device, a smart phone, an industrial control computer, a data storage system controller, a CPU, a Graphical Processing Unit (GPU), an Application Specific Integrated Circuit (ASI), and/or a Field Programmable Gate Array (FPGA).
  • the first 102 and second 106 computing devices may be the storage controller of a data storage media (e.g., the controller for a hard disk drive) such that data delivered to/from the data storage media is always encrypted so as to limit the ability of an attacker to ever have access to unencrypted data.
  • Embodiments may be provided as a computer program product which may include a computer-readable, or machine-readable, medium having stored thereon instructions which may be used to program/operate a computer (or other electronic devices) or computer system to perform a process or processes in accordance with the various embodiments.
  • the computer-readable medium may include, but is not l imited to, hard disk drives, floppy diskettes, optical disks, Compact Disc Readonly Memories (CD-ROMs), Digital Versatile Disc ROMS (DVD-ROMs), Universal Serial Bus ( USB) memory sticks, magneto-optical disks, ROMs, random access memories (RAMs), Erasable Programmable ROMs (EPROMs), Electrically Erasable Programmable ROMs (EEPROMs), magnetic optical cards, flash memory, or other types of media/machine- readable medium suitable for storing electronic instructions.
  • the computer program instructions may reside and operate on a single computer/electronic device or various portions may be spread over multiple computers/devices that comprise a computer system.
  • embodiments may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection, including both wired/cabled and wireless connections).
  • a communication link e.g., a modem or network connection, including both wired/cabled and wireless connections.
  • Fig. 9 is a flow chart 900 of the general operation for an additive homomorphic encryption embodiment.
  • a shared secret numeric data value (S s ) is shared between the source(s) 902 and destination 906.
  • the various embodiments may share the shared secret numeric data value (S s ) between the source(s) 902 and destination 906 via any means desired by the users.
  • S s shared secret numeric data value
  • the shared secret numeric data value (S s ) may be shared between the source(s) 906 and destination 906 by means including, but not limited to: pre-conditioning the source(s) 902 computing device and the destination 906 computing device with the shared secret numeric value (S s ), a standard public/private key exchange technique, RSA (Rivest-Shamir-Adleman) key exchange, and/or Diffie-Hellman key exchange (disclosed in more detail herein, below).
  • the original shared secret may be an alphanumeric string in ASCII (American Standard Code for
  • both the source(s) 902 and destination 906 need to know and use the same alphanumeric text conversion into a numeric value process to ensure that results of both the source(s) 902 and the destination 906 are the same.
  • the process 910-916 of source(s) 902 are performed at least twice in order to create the two or more cryptotext multivectors that are to be summed using additive homomorphic properties.
  • the source(s) 902 distributes the numeric message data (M) into message multivector ( ) coefficients in accord with a homomorphic mathematical relationship equation between a plaintext data value and coefficients of a multivector that represents the plaintext data value.
  • all sources 902 and the destination 906 should use the same homomorphic preserving mathematical relationship to preserve the homomorphism of the encrypted data.
  • the encryption system will work with just one non-zero message multivector (M) coefficient, but, the more non-zero message multivector (M) coefficients there are, the stronger the encryption will become, so it is desirable to have more than one non-zero message multivector (M) coefficient.
  • the source(s) 202 distributes shared secret numeric value (S s ) into shared secret multivector ( S ) coefficients.
  • the encryption system will work with just one non-zero shared secret multivector (S s ) coefficient, but, the more non-zero shared secret multivector (S s ) coefficients there are, the stronger the encryption will become, so, again, it is desirable to have more than one non-zero shared secret multivector (S s ) coefficient.
  • S s non-zero shared secret multivector
  • One skilled in the art will recognize that there are many approaches for distributing numeric data into several coefficients of a multivector ⁇ see herein, above for disclosure of some example packing/distribution methods).
  • the primary requirement for the distribution process from the numeric values of the message (M) and the shared secret (S s ) to the multivector coefficient values ( and S s ) is that the source(s) 902 and the destination 906 both know the processes 910/230 and 912/926 such that the destination 904 can get the proper value for the homomorphic additive result (AR). As long as it is known to both the source(s) 902 and the destination 904, the distribution of numeric data to multivector coefficients may be performed differently between the message
  • the distributing/packing method defines, among many things, the Geometric Algebra operations permissible for EDGE and/or EDCHE embodiments.
  • the Rationalize operation on multivectors yields zero when all multivector coefficients are equal.
  • Such multivectors having all equal coefficients have no inverse and the geometric product of such multivectors having all equal coefficients with another multivector has no inverse.
  • the Rationalize operation on multivectors yields zero when all multivector coefficients are equal.
  • Such multivectors having all equal coefficients have no inverse and the geometric product of such multivectors having all equal coefficients with another multivector has no inverse.
  • the decryption methodology for EDCE and EDCHE systems utilize the inverse of the cryptotext multivector being decrypted and of the security key(s) multivector to perform the decryption. Therefore, the cryptotext multivector being decrypted should not have all equal value coefficients.
  • One means to ensure that the cryptotext multivector being decrypted does not have all equal value coefficients is to have the packing/coefficient distribution method ensure that not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients) when creating the shared security multivector(s) and the data message multivectors.
  • the same packing/coefficient distribution method to ensure that the source message multivectors do not have all equivalent coefficients will minimize the potential for the cryptotext multivector being decrypted from having all equivalent coefficients, but, when various addition and subtraction operations are performed with multiple distinctly different cryptotext multivectors, there is a remote possibility that the cryptotext multivector result of the homomorphic operations will have all equivalent coefficients.
  • the destination computing device 904 may simply assert that such a result cryptotext multivector is "undefined," or, the destination or intermediary computing system may provide a means to update the result cryptotext multivector so the result cryptotext multivector does not have all equivalent coefficients. Great care should be taken to ensure that such an update of the result cryptotext multivector does not change the ultimate value of the result plaintext value of the result cryptotext multivector after decryption. Therefore, it may be desirable for the distribution/packing method to also ensure that not all coefficients are equal to each other (i.e., at least one coefficient should be different than the other coefficients).
  • the "packed" multivector that represents the original plaintext numeric message have a mathematical relationship (i.e., the homomorphic preserving mathematical relationship) to the original plaintext numeric message.
  • the term homomorphism refers to a structure-preserving map between two algebraic structures, such as groups, rings, or vector spaces.
  • An algebra homomorphism between two algebras is one that preserves the algebra structure.
  • the method by which numbers are "packed" into multivector elements must remain a representation of the original number.
  • One such relationship for packing the coefficients of the multivector that preserves homomorphic properties is to ensure that the coefficients of the multivector representation of the plaintext numeric message follow a mathematical data organization between the value of the plaintext numeric message and at least one of the values of the coefficients of the multivector representation of the plaintext numeric message where the mathematical operations incorporating the one or more values of the multivector coefficients have a result equal to the original plaintext numeric message value.
  • the mathematical relationship may include: addition of at least one coefficient of the multivector coefficients, subtraction of at least one coefficient of the multivector coefficients, addition of a constant value, subtraction of a constant value, multiplication of at least one coefficient of the multivector coefficients by a constant value, and division of at least one coefficient of the multivector coefficients by a constant value.
  • the location of the various mathematical operations relative to the particular locations of the coefficients in the multivector representation should also be consistently appl ied to all source numeric data messages converted to a multivector as well as for result multivectors converted to a result numeric data value in a particular encryption/decryption pathway.
  • the distribution (i.e., "packing") of the shared secret multivector (S s ) may be performed in any fashion so long as the distribution (i.e., "packing") method of the shared secret multivector (S s ) is known and used consistently by the source 902 and destination 906 computing devices as, ultimately, the shared secret multivector (S s ) used by the source 902 and destination 960 should be equal to each other to ensure that the decryption operations 226 work properly in relation to the encryption 214 operations.
  • the number of potential coefficients is directly related to the size/dimension (N) of the multivectors such that the number of coefficients increases by a factor of 2 (i.e., 2 N ) for each incremental increase in the size/dimension (N) of the multivector.
  • using multivectors of at least two dimensions will provide at least four coefficients to distribute the numeric data of the message (M) and the shared secret (S s ).
  • the confusion and/or diffusion security characteristics will also be increased due to the additional ly available multivector coefficients. Further, with the additionally available coefficients it is also possible to transfer more data in a single multivector message (M) payload using the additionally available multivector coefficients.
  • M multivector message
  • the source(s) 902 encrypts a cryptotext multivector (C) as a function of at least one Geometric Algebra geometric product operation on the message multivector ( ) and the shared secret multivector (S s ). Due to the nature of the geometric product operation of Geometric Algebra, there are many possible variations of the geometric product application that will provide similar degrees of confusion and diffusion.
  • the source(s) 902 sends the cryptotext multivector (C) to the intermediary computing system 904.
  • Various embodiments may optionally convert the cryptotext multivector (C) into cryptotext numeric data (C) in accord with reverse operation of a cryptotext data coefficient distribution algorithm that is known to the source(s) 902, intermediary (904), and the destination 906.
  • An embodiment may also skip conversion to cryptotext numeric data (C) and directly send a representation of the cryptotext multivector (C) without first converting the cryptotext multivector (C) into cryptotext numeric data (C).
  • the transmission may be implemented as a series of transfers of the coefficients or as some form of records/packets that define a data structure that carries the coefficient data of the cryptotext multivector (C).
  • C the coefficient data of the cryptotext multivector
  • Not converting the cryptotext multivector ( ) into cryptotext numeric data (C) has the advantage of avoiding the processing time for the conversion as well as having the advantage that, for homomorphic operations performed at an intermediary computing system, the intermediary computing system need not have any knowledge of the methodology used to create the cryptotext multivector (C).
  • process 216 is used to convert the cryptotext multivector (C) into cryptotext numeric data (0, it is necessary for any computing device/system that wishes to operate on the cryptotext multivector (C) to have knowledge of the particular conversion methodology so that the computing device/system may properly recreate the cryptotext multivector (C).
  • a disadvantage of not converting the cryptotext multivector (C) into cryptotext numeric data (C) is that it may be possible to include additional confusion/diffusion features in conversion to cryptotext numeric data.
  • the intermediary computing system 904 receives the two or more cryptotext multivector (C) sent by the source(s) 902.
  • the intermediary performs the user desired vector additions/subtractions on the two or more cryptotext multivector (C) sent by the source(s) 902.
  • the intermediary 904 sends the additive result cryptotext multivector (ARC) to the destination 906.
  • the destination 906 receives the additive result cryptotext multivector (ARC) sent by the intermediary 904.
  • the destination 906 distributes shared secret numeric value (S s ) into shared secret multivector (S s ) coefficients in the same fashion as was done for the source(s) 902 at process 912.
  • the destination decrypts the additive result cryptotext multivector (ARC) as a function of at least one Geometric Algebra geometric product operation on the cryptotext multivector (C) and an inverse (S s 1 ) of the shared secret multivector (S s ) back into the message multivector (M).
  • the destination 906 converts the additive result cryptotext multivector (ARC) into the additive result cryptotext numeric (AR) in accord with reverse operation of homomorphic preserving mathematical relationship of the source(s) 902 at process 910.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)

Abstract

L'invention concerne des procédés et des systèmes pour : chiffrer un nombre arbitraire de messages numériques à l'aide d'une algèbre géométrique sur au moins un dispositif informatique source (802) ; exécuter une sommation homomorphe additive sur les messages numériques chiffrés (810) de sorte à obtenir un résultat d'additif chiffré (812) sans déchiffrer les messages numériques chiffrés (810) sur un système informatique intermédiaire (806) qui n'a pas de connaissance des clés de sécurité de chiffrement ; et déchiffrer le résultat additif chiffré (812) à l'aide d'une algèbre géométrique sur un dispositif informatique de destination (808) de telle sorte que le résultat additif déchiffré soit égal au résultat de l'opération de sommation équivalente des messages numériques non chiffrés. Des opérations de chiffrement utilisent le produit géométrique (produit de Clifford) de multivecteurs créés à partir de texte en clair/données des messages de données numériques avec un ou plusieurs autres multivecteurs contenant des clés de chiffrement. L'opération de déchiffrement déchiffre le résultat de sommation additive à l'aide d'opérations d'algèbre géométrique telles que l'inverse d'un multivecteur, le conjugué de Clifford, et d'autres, conjointement avec le produit géométrique.
PCT/US2018/016000 2017-01-30 2018-01-30 Procédés et systèmes pour un chiffrement amélioré homomorphe additif centré sur les données à l'aide d'une algèbre géométrique WO2018140961A1 (fr)

Applications Claiming Priority (10)

Application Number Priority Date Filing Date Title
US201762452246P 2017-01-30 2017-01-30
US62/452,246 2017-01-30
US201762483227P 2017-04-07 2017-04-07
US62/483,227 2017-04-07
US15/667,325 US10728227B2 (en) 2016-08-02 2017-08-02 Methods and systems for enhanced data-centric encryption systems using geometric algebra
US15/667,325 2017-08-02
US201762572955P 2017-10-16 2017-10-16
US201762572970P 2017-10-16 2017-10-16
US62/572,955 2017-10-16
US62/572,970 2017-10-16

Publications (1)

Publication Number Publication Date
WO2018140961A1 true WO2018140961A1 (fr) 2018-08-02

Family

ID=62979708

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2018/016000 WO2018140961A1 (fr) 2017-01-30 2018-01-30 Procédés et systèmes pour un chiffrement amélioré homomorphe additif centré sur les données à l'aide d'une algèbre géométrique

Country Status (1)

Country Link
WO (1) WO2018140961A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060179489A1 (en) * 2001-06-22 2006-08-10 Joan-Maria Mas Ribes Conditional access system for digital data by key decryption and re-encryption
US20150170197A1 (en) * 2013-12-18 2015-06-18 Ned M. Smith Technologies for collecting advertising statistics in a privacy sensitive manner
US20150295712A1 (en) * 2012-10-30 2015-10-15 Nederlandse Organisatie Voor Toegepast- Natuurwetenschappelijk Onderzoek Tno Method and system for protected exchange of data
US20150381348A1 (en) * 2014-06-30 2015-12-31 Fujitsu Limited Encryption processing method, encryption processing device, and computer-readable recording medium storing program for encryption processing
US20160119119A1 (en) * 2014-05-15 2016-04-28 Xeror Corporation Compact fuzzy private matching using a fully-homomorphic encryption scheme

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060179489A1 (en) * 2001-06-22 2006-08-10 Joan-Maria Mas Ribes Conditional access system for digital data by key decryption and re-encryption
US20150295712A1 (en) * 2012-10-30 2015-10-15 Nederlandse Organisatie Voor Toegepast- Natuurwetenschappelijk Onderzoek Tno Method and system for protected exchange of data
US20150170197A1 (en) * 2013-12-18 2015-06-18 Ned M. Smith Technologies for collecting advertising statistics in a privacy sensitive manner
US20160119119A1 (en) * 2014-05-15 2016-04-28 Xeror Corporation Compact fuzzy private matching using a fully-homomorphic encryption scheme
US20150381348A1 (en) * 2014-06-30 2015-12-31 Fujitsu Limited Encryption processing method, encryption processing device, and computer-readable recording medium storing program for encryption processing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WANG ET AL.: "Discrete logarithm based additively homomorphic encryption and secure data aggregation", INFORMATION SCIENCCS: AN INTERNATIONAL JOURNAL, vol. 181, no. 16, August 2011 (2011-08-01), XP028214508, Retrieved from the Internet <URL:https://dl.acm.org/citation.cfm?id=1988502> [retrieved on 20180327] *

Similar Documents

Publication Publication Date Title
Albrecht et al. Homomorphic encryption standard
US20190109701A1 (en) Methods and systems for enhanced data-centric homomorphic encryption sorting using geometric algebra
US9942040B1 (en) Refreshing public parameters in lattice-based cryptographic protocols
US20190044697A1 (en) Methods and systems for enhanced data-centric homomorphic encryption searching using geometric algebra
US11323255B2 (en) Methods and systems for encryption and homomorphic encryption systems using Geometric Algebra and Hensel codes
CN110419194B (zh) 密钥交换设备和方法
US10103886B1 (en) Generating shared secrets for lattice-based cryptographic protocols
EP3494663B1 (fr) Procédés et systèmes pour des systèmes améliorés de chiffrement centré sur les données à l&#39;aide d&#39;une algèbre géométrique
US20180294951A1 (en) Methods and systems for enhanced data-centric scalar multiplicative homomorphic encryption systems using geometric algebra
Son et al. Conditional proxy re-encryption for secure big data group sharing in cloud environment
CN115549891B (zh) 同态加密方法、同态解密方法、同态计算方法及设备
Priyadharshini et al. Efficient Key Management System Based Lightweight Devices in IoT.
KR20220079522A (ko) 기하 대수 및 헨젤 코드들을 이용한 암호화를 위한 방법들 및 시스템들과 동형 암호화 시스템들
Gorbenko et al. Methods of building general parameters and keys for NTRU Prime Ukraine of 5 th–7 th levels of stability. Product form
WO2019079353A2 (fr) Procédés et systèmes de recherche améliorée de chiffrement homomorphe centré sur les données utilisant l&#39;algèbre géométrique
WO2018187604A1 (fr) Procédés et systèmes destinés à des systèmes améliorés de chiffrement homomorphe multiplicatif scalaire centré sur les données utilisant l&#39;algèbre géométrique
Fatima et al. A Secure Framework for IoT Healthcare Data Using Hybrid Encryption
Sundararajan et al. A comprehensive survey on lightweight asymmetric key cryptographic algorithm for resource constrained devices
WO2018140961A1 (fr) Procédés et systèmes pour un chiffrement amélioré homomorphe additif centré sur les données à l&#39;aide d&#39;une algèbre géométrique
Raja et al. Secure and efficient text encryption using elliptic curve cryptography
Sasikumar et al. Comprehensive Review and Analysis of Cryptography Techniques in Cloud Computing
Imam et al. An empirical study of secure and complex variants of RSA scheme
CN108075889B (zh) 一种降低加解密运算时间复杂度的数据传输方法及系统
Al-Doori et al. Securing IoT Networks with NTRU Cryptosystem: A Practical Approach on ARM-based Devices for Edge and Fog Layer Integration.
da Silva Fully Homomorphic Encryption Over Exterior Product Spaces

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18744810

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18744810

Country of ref document: EP

Kind code of ref document: A1