Protecting against malicious modification in cryptographic operations
Abstract
A message and an identifying parameter associated with the message are obtained. The message comprises a plurality of units. A plurality of one-unit message authentication codes is generated, wherein each one-unit message authentication code corresponds to a respective unit of the plurality of units of the message, and wherein each one-unit message authentication code is generated based on the identifying parameter associated with the message, a given one of the plurality of units, and the position of the given unit in the message. Verification of each unit of the message may then be efficiently performed inside a method of secure computation such as, by way of example only, a garbled circuit.
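An added illustration (not code from the patent) of the per-unit MAC construction the abstract describes, showing why binding each tag to the message identifier and the unit position matters. It assumes one-bit units and truncated HMAC-SHA256 as the MAC, neither of which the page specifies, and it verifies in the clear rather than inside a garbled circuit; all names and sample values are constructed.

```python
import hashlib
import hmac

TAG_BYTES = 10  # assumed truncation length; not specified on the page


def to_bits(message: bytes) -> list[int]:
    """Split the message into one-bit units, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]


def unit_mac(key: bytes, msg_id: bytes, position: int, unit: int) -> bytes:
    """One-unit MAC over (identifying parameter, position, unit value)."""
    data = (len(msg_id).to_bytes(2, "big") + msg_id
            + position.to_bytes(4, "big") + bytes([unit]))
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_BYTES]


def tag_message(key: bytes, msg_id: bytes, message: bytes) -> list[bytes]:
    """Generate one tag per unit of the message."""
    return [unit_mac(key, msg_id, i, b) for i, b in enumerate(to_bits(message))]


def first_bad_unit(key, msg_id, message, tags):
    """Return the index of the first unit whose tag fails, or None if all pass."""
    bits = to_bits(message)
    if len(bits) != len(tags):
        return min(len(bits), len(tags))  # truncation or extension
    for i, (bit, tag) in enumerate(zip(bits, tags)):
        if not hmac.compare_digest(unit_mac(key, msg_id, i, bit), tag):
            return i
    return None


# Constructed sample values: a MAC key, a message identifier, and a
# 16-byte "encryption key" standing in for the protected message.
MAC_KEY = bytes(range(32))
MSG_ID = b"record-17"
MESSAGE = bytes.fromhex("00112233445566778899aabbccddeeff")
TAGS = tag_message(MAC_KEY, MSG_ID, MESSAGE)

if __name__ == "__main__":
    flipped = bytes([MESSAGE[0] ^ 0x04]) + MESSAGE[1:]   # flip bit 5
    swapped = TAGS.copy()
    swapped[0], swapped[11] = swapped[11], swapped[0]    # reorder two tags
    print("intact:       ", first_bad_unit(MAC_KEY, MSG_ID, MESSAGE, TAGS))
    print("bit flipped:  ", first_bad_unit(MAC_KEY, MSG_ID, flipped, TAGS))
    print("tags swapped: ", first_bad_unit(MAC_KEY, MSG_ID, MESSAGE, swapped))
    print("other message:", first_bad_unit(MAC_KEY, b"record-18", MESSAGE, TAGS))
```
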
19 Claims
1. A method, comprising:
- obtaining a message and an identifying parameter associated with the message, wherein the message comprises a plurality of units;
- generating a plurality of one-unit message authentication codes, each one-unit message authentication code corresponding to a respective unit of the plurality of units of the message, wherein each one-unit message authentication code is generated based on the identifying parameter associated with the message, a given one of the plurality of units, and the position of the given unit in the message; and
- providing two or more possible combinations of values of a first one of the one-unit message authentication codes and a corresponding first authenticator string as inputs to a garbled-circuit based secure computation protocol, wherein the garbled circuit-based secure computation protocol outputs an indication of the validity of the first one-unit message authentication code;
- wherein the method is performed by at least one processing device; and
- wherein the message comprises an encryption key.
10. A method, comprising:
- receiving, at a verifier associated with a private database system, a given one of a plurality of one-unit message authentication codes and a corresponding authenticator string, the given one-unit message authentication code corresponding to a respective unit of a plurality of units of a message, wherein the given one-unit message authentication code is generated based on an identifying parameter associated with the message, a given one of the plurality of units, and a position of the given unit in the message; and
- verifying, at the verifier, the validity of the given one-unit message authentication code, while preventing content of the message from being known to the verifier;
- wherein the verifying step is performed by a processing device which implements the verifier as part of the private database system and comprises inputting into a garbled circuit-based secure computation protocol two or more possible combinations of values of the given one-unit message authentication code and corresponding authenticator string and receiving an output from the garbled circuit-based secure computation protocol indicating the validity of the first one-unit message authentication code; and
- wherein the message comprises an encryption key.
12. An apparatus comprising:
- a memory; and
- a processor operatively coupled to the memory and configured to:
  - obtain a message and an identifying parameter associated with the message, wherein the message comprises a plurality of units;
  - generate a plurality of one-unit message authentication codes, each one-unit message authentication code corresponding to a respective unit of the plurality of units of the message, wherein each one-unit message authentication code is generated based on the identifying parameter associated with the message, a given one of the plurality of units, and the position of the given unit in the message; and
  - providing two or more possible combinations of values of a first one of the one-unit message authentication codes and a corresponding first authenticator string as inputs to a garbled-circuit based secure computation protocol, wherein the garbled circuit-based secure computation protocol outputs an indication of the validity of the first one-unit message authentication code;
- wherein the message comprises an encryption key.
Specification