[go: up one dir, main page]

WO2024233394A1 - Unconstrained barren plateau data obfuscation - Google Patents

Unconstrained barren plateau data obfuscation Download PDF

Info

Publication number
WO2024233394A1
WO2024233394A1 PCT/US2024/027848 US2024027848W WO2024233394A1 WO 2024233394 A1 WO2024233394 A1 WO 2024233394A1 US 2024027848 W US2024027848 W US 2024027848W WO 2024233394 A1 WO2024233394 A1 WO 2024233394A1
Authority
WO
WIPO (PCT)
Prior art keywords
unit
computer
data
implemented method
obfuscation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/US2024/027848
Other languages
French (fr)
Inventor
William David Schwaderer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of WO2024233394A1 publication Critical patent/WO2024233394A1/en
Anticipated expiration legal-status Critical
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • Data security is essential for global privacy and global commerce. Hence, there is significant commercial value in methods that improve data security. Because data encryption is an important data security element, commercial significance exists for methods that improve data encryption effectiveness.
  • Embodiments of the present disclosure provide a general framework to fortify data encryption effectiveness for both existing and future data encryption methods. It uses evolutionary, well-understood, and long-accepted methods. This fortification is important because existing data encryption standards have never been proven mathematically secure. Moreover, forthcoming international encryption standards intending to withstand Quantum Computer Superposition attacks are also not mathematically proven secure, despite them using advanced, complex, mathematic methods incomprehensible to most people.
  • NIST National Institute of Standards and Technology
  • HNDL Harvest Now, Decrypt Later
  • Embodiments of the present disclosure teach that existing traditional and future, supposedly Quantum-Safe, data encryption methods are mathematics based. Regrettably, complex, advanced mathematics leaves them vulnerable to surprisingly novel mathematical decryption attacks, perhaps using novel, emerging computing architectures that can include forthcoming Quantum Computing technologies, Artificial intelligence, or combinations thereof.
  • An effective solution for this vulnerability is to fortify standards-based encrypted data that existing and future data encryption methods produce by obfuscating their output.
  • This complementary fortification is effectively achieved by obfuscating encryption output in ways that result in mathematical Barren Plateau results.
  • Such mathematical Barren Plateaus defy patternicity, periodicity, and predictability analysis that Artificial Intelligence, Machine Learning, and Quantum Computer Superposition systems can perform.
  • Barren Plateau results protect encrypted data and general data privacy.
  • the present disclosure describes an efficient and effective framework to obfuscate source data in ways that generate mathematical Barren Plateau output. Because this framework only uses simple arithmetic, it is immune to traditional mathematical attacks on first principles. Specifically, this framework has Deterministic Chaos foundation rather than a mathematics foundation. It uses evolutionary, long-standing methods than have been accepted practice for decades, one for centuries.
  • FIG. 1 depicts hardware bit-level terminology in accordance with embodiments of the present disclosure.
  • FIG. 2 depicts the disclosed framework produces Barren Plateau obfuscated data using the data values a multiplicity of entropy value generators provide.
  • FIG. 3 depicts an example sequence for framework processes to produce Barren Plateau obfuscated data.
  • FIG. 4 depicts the contents of an example computer memory buffer containing data created by framework obfuscation processes prior to a Unit relocation process.
  • FIG. 5 depicts an in-progress Unit relocation operation using Unit swapping rather than Fisher-Yates shuffling.
  • FIG. 1 illustrates that a computer memory data Byte 100 contains eight individual bits.
  • the high-order Byte 100 bit 110 is referred to as byte 100 bit 0.
  • the low-order Byte 100 bit 117 is referred to as Byte 100 Bit 7.
  • Other data bits are similarly referred to using their relative position from their Byte 100 high-order bit 110 position.
  • Byte 100 bit 3 113 is three positions away from Byte 100 bit 110.
  • FIG. 1 illustrates that, like all computer memory data bytes, computer memory data Byte 120 has two non-overlapping 4-bit fields 130 and 131 that are commonly called Nibbles.
  • the high- order 4-bit Nibble field 130 is referred to as Byte 120 Nibble 0.
  • the low-order 4-bit Nibble field 131 is referred to as Byte 120 Nibble 1.
  • FIG. 1 illustrates that, like all computer memory data bytes, a computer memory data Byte 140 has four non-overlapping 2-bit fields 150, 151, 152, and 153.
  • This example refers to such a 2- bit field as a Dribble.
  • the high-order 2-bit Dribble field 150 is referred to as Byte 140 Dribble 0.
  • the next, adjacent 2-bit Dribble field 151 is referred to as Byte 140 Dribble 1.
  • the next, adjacent 2-bit Dribble field 152 is referred to as Byte 140 Dribble 2.
  • the low-order 4-bit Dribble field 153 is referred to as Byte 120 Dribble 3.
  • FIG. 2 illustrates an embodiment example that obfuscates input data 200 by utilizing high- entropy values produced by a multiplicity of Entropy Value Generators 210.
  • the example uses them in three independent ways: (1) For optional data encryption 310, (2) For garbage value stuffing 340 when Unit Equalization is not in effect, and (3) For bit Unit relocation 350 processes.
  • An obfuscation method 220 reads the input data 200 and the entropy values produced by the multiplicity of Entropy Value Generators 210, enabling the obfuscation method 220 to generate Barren Plateau obfuscated output data 230 from the input data 200.
  • Input Data 200 can be all of a data file or transmission message, or a portion of them.
  • this example describes high performance, lightweight encryption methods that can fortify input data 200 encryption. This enables this example to fortify standardized data encryption methods within a hybrid data encryption model recommended by NIST.
  • the multiplicity of Entropy Value Generators 210 supply high entropy, true random values and/or high entropy, pseudo random values on demand to obfuscation method 220. Entropy Value Generators 210 can also generate random values by combining true random values with pseudo random values in numerous ways known to practitioners skilled in the art.
  • the Entropy Value Generators 210 can be configured or initialized by using an algorithmic means to sample and algorithmically combine source data values of any type to produce said Entropy Value Generators 210 configuration specifications and initialization values.
  • Entropy Value Generators 210 should operate independently and opaquely, never revealing their construction, operations, or internal states.
  • One Entropy Value Generators 210 embodiment consists of a multiplicity of arbitrary numbers of pseudo random generators of a multiplicity of pseudo random generator types. These pseudo random number generators are individually constructed, initialized, and “warmed up” using an arbitrarily and sufficiently large initialization vector. This allows this example to avoid requiring a traditional key, though a traditional key or multiplicity of keys can be optionally used to construct the initialization vector.
  • Entropy Value Generators 210 To obfuscation method 220 must be available and presented in the same order to subsequent deobfuscation methods that reverse obfuscation method 220 process outcomes. This requires saving, or otherwise retaining, the true random values Entropy Value Generators 210 provide to obfuscation method 220.
  • Entropy Value Generators 210 provide to obfuscation method 220 can be (and must be) recreated on demand for input data 200 reconstruction. There is a de-obfuscation performance advantage in providing any process with its own, independent Entropy Value Generators 210. Finally, Entropy Value Generators 210 can be hardware based, software based, or a hybrid of both.
  • any true random number values Entropy Value Generators 210 provide to obfuscation method 220 must be persistent, immutable, and available to subsequent methods that recover original input data 200 from obfuscated input data 230.
  • the means Entropy Value Generators 210 use to generate pseudo random number values to provide to obfuscation method 220 must all be available on demand for de-obfuscation.
  • FIG. 3 depicts the obfuscation process this example uses. Not all steps, such as encryption, are required. Moreover, some example embodiments may use a given type step more than once and employ their use in a different order than depicted.
  • the process starts at 300 which immediately advances to an optional encryption process 310 that may be unnecessary, particularly if input data 200 is already securely encrypted. Note that following discussion presents novel, high-performance encryption methods covered by this example’s scope.
  • Step 320 involves required Unit expansion determination.
  • the present disclosure describes dividing data byte sequences into independent groups of bits that are non-overlapping and collectively exhaust all bits in a sequence. This process is known as fractionization to practitioners skilled in the art.
  • Units optionally, but preferably, all have the same fixed size.
  • the number of bits in a Unit is referred to as its Unit size.
  • an obfuscation method 220 process elects to use a 3-bit fixed Unit size and that it will obfuscate 100 input data 200 bytes - 800 total data bits.
  • This example requires the total data bits to be evenly divisible by both the value 8 and the Unit size value. Since, 800 is not evenly divisible by 3, a number of bytes must be added to input data 200 to make the total number of bytes divisible by both 3 and 8.
  • the general formula is:
  • the Unit expansion required is 2 bytes, causing the input data 200 to increase in size by 2 bytes.
  • the values used to perform this expansion are not important. However, it is to be understood that a de-obfuscation process must always know that the original input data 200 size (100 bytes).
  • Unit sizes of 1, 2, 4, and 8 bits provide better performance for a number of reasons. For example, when using these Unit sizes, no Unit spans two input data 200 bytes and no Unit expansion is required. Moreover, using these Unit sizes can provide output size reduction advantages for other obfuscation method 220 steps.
  • the framework optionally performs a Fixed-Size Unit Count Equalization process 330. This process conducts an inventory of the value of Units in input data 200 and its possible expansion bytes.
  • Unit size value is fixed at 2, meaning each Unit has 2 bits.
  • This Unit size requires no input data expansion. Since each Unit in this embodiment example is two bits in size, four Units fit in a single byte. Hence, if input data 200 contains 100 bytes, and since no expansion is required, there are 4 * 100 total Units, or 400 Units. Each Unit contains two bits, allowing each Unit to have one of four binary values: ObOO (0), ObOl (1), OblO (2), and Obi 1 (3).
  • process logic examines each Unit’s binary value and increments an associated counter that was initialized to a zero value.
  • the Unit associated with the value ObOO (0) will increment CounterO.
  • the Unit associated with the value ObOl (1) will increment Counter 1.
  • the Unit associated with the value OblO (2) will increment Counter2.
  • the Unit associated with the value Obi 1 (3) will increment Counter3.
  • the difference value DI indicates how many fewer times the Unit value ObOl (1) appeared than the maximum M times the Unit value ObOO (0) appeared.
  • the difference value D2 indicates how many fewer times the Unit value Ob 10 (2) appeared than ObOO (0) appeared.
  • the difference value D3 indicates how many fewer times the Unit value 0b 11 (3) appeared than the Unit value ObOO (0) appeared.
  • Step 330 is now complete and control passes to step 340.
  • Step 340 optionally further appends garbage bytes that preserve Unit Equalization. If Unit Equalization is not in effect, any garbage value suffices.
  • step 340 is now complete and control passes to step 350.
  • Step 350 randomizes each Unit’s value within the obfuscated input data 230 using random, or pseudo random values Entropy Value Generators 210 provide.
  • Unit relocation placement locations can be achieved using the widely known Fischer-Yates shuffle algorithm appreciated by practitioners skilled in the art. To increase final randomness, shuffling can occur a multiplicity of times using random values entropy value generators 210 provide. Additionally, the Fischer-Yates shuffle direction can be randomly determined for each independent shuffle operation.
  • random relocation is achieved by beginning at one end of the total data sequence needing Unit relocation and progressing Unit-by-Unit to the other end.
  • the direction can be randomly determined using random, or pseudo random values that entropy value generators 210 provide.
  • random, or pseudo random values that entropy value generators 210 provide can be used to identify a target Unit that relocation logic can swap the target Unit value with the current source Unit value.
  • Step 360 optionally divides the obfuscated input data 230 into a randomly determined multiplicity of independent, mutually exclusive, and collectively exhaustive byte sequences. This division does not necessarily require performance degrading data movement.
  • the division process allows step 370 to perform final disposition of the obfuscated input data 230 using an out-of-order byte-sequence presentation of the obfuscated input data 230 consuming recipient that could be a transmission resource, permanent storage, etc. This may involve scatter-gather logic (also referred to as vectored TO) with a randomized size and randomized order determined by using random, or pseudo random values that entropy value generators 210 provide.
  • Step 370 is now complete and the obfuscation method ends when control passes to termination block 380.
  • FIG. 4 depicts an embodiment’ s computer memory buffer used by obfuscation method 220.
  • a memory buffer 400 receives input data 200, placing it in location 410. To fortify a previous encryption, this input data may require encryption step 310.
  • the size of embodiment example memory buffer 400 is 64, a power of 2 (2 6 ). This exact size allows high performance modulus calculations for entropy values
  • Entropy Value Generators 210 provide by XORing the value 0x003F with the entropy values. Using Units with a bit-size of 2 allows one- byte garbage stuffing values that can assist in expanding any buffer to a size that is a power of 2, thereby accelerating obfuscation performance.
  • input data 200 may also require Unit expansion determined in step 320. If so, required Unit size expansion 320 generates additional Units that are appended to input data 410 in memory buffer 300, requiring the additional Unit space in location 420. The data values to effect this expansion are not important.
  • Step 330 creates Unit Equalization values 330 that are appended to Unit size expansion 420 Units and placed in location 430.
  • Step 340 performs optional garbage stuffing that preserves Unit Equalization counts and is placed in 440. Note that if Unit Equalization is not in effect, garbage stuffing can use any garbage values.
  • Garbage stuffing step 340 can enable the final data sequence in memory buffer 400 to increase to any arbitrary size, depending on Unit size. It is to be understood that the described equalization step 330 and garbage stuffing 340 step can similarly be used to further obfuscate the Pseudo Random Numbers produced by Entropy Value Generators 200 and used in Obfuscation Method 220. This may reduce or otherwise obviate the need to equalize a garbage stuffed ciphertext.
  • Step 350 randomly relocates Unit values located in memory buffer 400 at collective locations 410, 420, 430, and 440.
  • the obfuscated input data 230 now represents a data sequence that is a mathematical barren plateau. This sequence has the same number of 0-value bits as 1-value bits. Moreover, because the embodiment example selected an example 2 -bit Unit size, Unit Equalization ensures there is the same number of Units with ObOO, ObOl , Obl O, and Obl l values. Finally, the equalized data sequence is randomly scrambled on a Unit basis, preserving Equalization benefits.
  • attackers must first determine how many equalized Barren Plateau ObOO, ObOl, OblO, and Obl l values existed in the original or encrypted input data 200. They must then assemble them in the correct order even though the Unit relocation process is unknown to them and not detectable from the obfuscated input data 230. Next, they must correctly decrypt the fortifying encryption as well as the initial encryption without guidance.
  • FIG. 4 illustrates that fields 410, 420, 430, and 440 are sequentially positioned in memory buffer 400. Because field 430 may have easily recognizable data patterns, attackers can identify fields 410 and 420. Hence, it is important to randomly relocate memory buffer 400 Units in order to prevent this.
  • FIG. 5 illustrates the difference between Fischer-Yates Unit shuffling operations and Unit swapping operations.
  • Fischer-Yates shuffling proceeds in one direction or the other with relocation never occurring behind the current source Unit position.
  • swapping replacement can occur in either direction (in front or behind) with respect to the current source Unit location.
  • FIG. 5 depicts a computer memory buffer 500 that contains an embodiment example 64 3- bit Units ranging in value from 0 to 7.
  • the first Unit, Unit 0 510 contains a value of 3.
  • Unit 19520 contains a value of 0.
  • Unit 37 530 contains a value of 7.
  • Unit 38 540 contains a value of 4.
  • the last of the 64 Units, Unit 63 550, contains a value of 6.
  • the selected direction for sequentially identifying source Units is from left-to-right.
  • the current sequentially selected source Unit position is Unit 37530.
  • Relocation swapping logic requests and receives a random entropy value from the Entropy Value generators 210 with a value of 42003. Since computer memory buffer 500 has 64 Units, 42003 modulus 64 results in a value of 19. Hence Unit 19 520 is selected as the pseudo random number (PRN) swap target Unit. Relocation logic therefore sets the Unit 19520 value to Unit 37 530 value (7) and the Unit 37 530 value to the Unit 19 520 value (0).
  • the currently selected source Unit pointer next advances left- to-right to the next Unit, Unit 38 540 and the swapping process continues until Unit 63 550 has been swapped.
  • a source Unit’s value remains unchanged if it is selected as both the source Unit and the target Unit.
  • obfuscation method 220 can use Fischer- Yates shuffling, Unit swapping, or interleave both a multiplicity of times determined by values entropy value generators 210 provide.
  • obfuscation method 220 encrypts input data 200 in step 310
  • the encryption can use values entropy value generators 210 provide to perform encryption.
  • Lightweight, high performance obfuscation method 220 encryption could use Vernam (One Time Pad) encryption to produce ciphertext with computed Shannon Perfect Secrecy.
  • Vernam One Time Pad
  • lightweight, high performance obfuscation method 220 encryption could perform Unit-size carry-less addition, reminiscent of Caesar Cipher encryption except the encrypting addends are random values. There are no restrictions on the encryption method or method multiplicities obfuscation method 220 can use.
  • Unit Equalization 330 and optional bit Unit relocation 350 that generate obfuscated input data 230 that can enjoy maximum possible entropy, unsurpassed bit stream fractionation, and unsurpassed bit dispersion.
  • the selected encryption Unit size is independent of the Unit size used for Unit Equalization 330 and Optional Bit Unit relocation 350.
  • De-obfuscation processes must have access to the size of input data 200, as well as all entropy values used by the obfuscation method 220.
  • the de-obfuscation reverses each obfuscation operation in the reverse order in order to recover the input data 200.
  • This present description discloses a multiplicity of novel data obfuscation methods.
  • Various combinations of hardware and software components can instantiate derivative embodiments in numerous ways. The spirit of this present description is meant to encompass all such derivative embodiments.
  • the previously described Optional Fixed-Size Unit Count Equalization 330 increases, up to three times, the sum of Optionally Encrypted Input Data 410 and Required Unit Size Expansion 420.
  • This perfect Equalization expansion can be prohibitively large.
  • the value of this threshold can be determined in any way.
  • One method to achieve this threshold goal considers the Unit inventory count values the Optional Fixed-Size Unit Count Equalization 330 step computes.
  • sub-optimal, alternative Equalization logic can repeatedly append bytes to Optionally Encrypted Input Data 410 and Required Unit Size Expansion 420. These bytes would contain Unit values associated with underrepresented Units, beginning with the most underrepresented Unit and progressing to the next Unit type. This continues until the total number of bytes equals the threshold.
  • each Unit type has an associated final Unit inventory count.
  • One (or more) of them is a minimum inventory count value.
  • Equalization logic can repeatedly increase the minimum Inventory count value in multiples of 4 Units, each having the associated Unit value of the minimum count value. These four Units collectively occupy a single byte that is appended to the data 410 and 420. This repeated incremental increase continues until (1) the new total byte count equals the threshold value or (2) the incremented minimum Inventory Unit count approximately equals the second smallest original Inventory count value. In practice, sometimes only general approximation is possible. If the total byte threshold has not been reached, the Equalization logic increases by two the Unit inventory counts for the both the Units that originally had the minimum and the next-larger value and appends a byte containing two units of each type. This repeatedly appended type byte has two Unit values for one Unit, and two Unit values for the other. This increases the total byte count by one for each increment operation and leaves the incremented Unit counts for the two Unit types approximately equal.
  • Equalization logic can continue cumulatively appending bytes to data 410 and 420 containing a mixture of Unit values of all three of these previously underrepresented Units in groups of four until the total byte threshold is reached. Each mixture appended increments the three associated inventory counts appropriately.
  • the total byte count threshold is equaled and the Equalization process finishes. While, this does not provide perfect Unit Equalization, it does allow the total bye count to reach a desired threshold which may be a beneficial power of two. Moreover, this described process beneficially potentially combines the optional Unit Count Equalization 330 step and the Optional Garbage Stuffing 340 step.
  • a third derivative embodiment example can conduct a Unit inventory and then append constructed equalization values that intentionally over represent selected Unit types in the final Obfuscated Input Data 230.
  • embodiments of the present disclosure are generally directed to a general obfuscation framework with novel methods that can have many derivative variations. The spirit of this description is meant to cover all of them.
  • Decryption methods must be able to (1) identify original Input Data 200 size (2) be able to reconstruct correctly initialized Entropy Value Generators 210 (3) operate Entropy Value Generators 210 identically.
  • the present disclosure provides many embodiment variations. Consequently, varying applications can integrate these embodiment variations in a multiplicity of ways.
  • SSL Secure Socket Layer
  • TLS Transport Layer Security
  • MAC Message Authentication Code
  • Cipher Suites such as Cipher Suites relying on RSA and Diffie-Hellman methods
  • Cipher Suites are widely considered to be vulnerable to Quantum Computer attacks that completely compromise their security and integrity.
  • Quantum Computer attacks threaten the keys these SSL/TLS Cipher Suites generate.
  • the effort for global enterprises to replace vulnerable SSL/TLS Cipher Suites can be significant, expensive, and involve many years.
  • Embodiments of the present disclosure provide an expedient means to obfuscate vulnerable SSL/TLS encryption key and MAC values and transform them into new keys with new values.
  • the new, obfuscated key values can replace the vulnerable “handshake” derived encryption and integrity verification key values, thereby providing communication sessions protection from Quantum Computer decryption attacks.
  • Achieving enhanced security and integrity improvement by modifying session encryption and MAC key values is possible (as one embodiment example) by providing out-of-transmission- band, obfuscation guidance after SSL/TLS protocol completion. This guidance could involve (as an example) a multiplicity of Multi Factor Authentication (MFA) means.
  • MFA Multi Factor Authentication
  • Achieving enhanced security and integrity improvement by modifying session encryption and MAC key values can also be accomplished during the handshake process. Modifying keys during the handshake process potentially requires a SSL/TLS protocol modification to acknowledge key value transformation before protocol “FINISHED” message exchanges.
  • an established session can obfuscate plaintext transmission data before requesting its transmission.
  • aspects of the disclosure may operate on particularly created hardware, firmware, digital signal processors, or on a specially programmed computer including a processor operating according to programmed instructions.
  • controller or processor as used herein are intended to include microprocessors, microcomputers, Application Specific Integrated Circuits (ASICs), and dedicated hardware controllers.
  • ASICs Application Specific Integrated Circuits
  • One or more aspects of the disclosure may be embodied in computer-usable data and computer-executable instructions, such as in one or more program modules, executed by one or more computers (including monitoring modules), or other devices.
  • program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types when executed by a processor in a computer or other device.
  • the computer executable instructions may be stored on a computer readable storage medium such as a hard disk, optical disk, removable storage media, solid state memory, Random Access Memory (RAM), etc.
  • a computer readable storage medium such as a hard disk, optical disk, removable storage media, solid state memory, Random Access Memory (RAM), etc.
  • RAM Random Access Memory
  • the functionality of the program modules may be combined or distributed as desired in various aspects.
  • the functionality may be embodied in whole or in part in firmware or hardware equivalents such as integrated circuits, FPGA, and the like.
  • Particular data structures may be used to more effectively implement one or more aspects of the disclosure, and such data structures are contemplated within the scope of computer executable instructions and computer-usable data described herein.
  • the disclosed aspects may be implemented, in some cases, in hardware, firmware, software, or any combination thereof.
  • the disclosed aspects may also be implemented as instructions carried by or stored on one or more or computer-readable storage media, which may be read and executed by one or more processors. Such instructions may be referred to as a computer program product.
  • Computer-readable media as discussed herein, means any media that may be accessed by a computing device.
  • computer- readable media may comprise computer storage media and communication media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present disclosure provide a general framework to provide patternless, aperiodic, and unpredictable Barren Plateau data obfuscation for any type data. Such Barren Plateau obfuscation efficiently and effectively incapacitates unauthorized Artificial Intelligence (AI), Machine Learning (ML), and Quantum Computer Superposition attacks attempting to defeat data encryption privacy measures. Barren Plateau obfuscation is possible by using Deterministic Chaos methods to emulate Quantum Superposition capabilities. These methods do not have a traditional mathematics-based foundation. They complement adopted global encryption standards by fortifying them against surprisingly novel decryption attacks. They allow unconstrained, high performance, unsurpassed bit dispersion and garbage value stuffing that easily transcend traditional Shannon Perfect Secrecy and maximum Shannon Information Entropy encryption strength.

Description

UNCONSTRAINED BARREN PLATEAU DATA OBFUSCATION
Cross-Reference to Related Application
The present application claims priority to U.S. Provisional Application No. 63/500,433, entitled “UNCONSTRAINED BARREN PLATEAU DATA OBFUSCATION”, and filed on May 5, 2023. The entire contents of the above-listed application are hereby incorporated by reference for all purposes.
Background and Summary
Data security is essential for global privacy and global commerce. Hence, there is significant commercial value in methods that improve data security. Because data encryption is an important data security element, commercial significance exists for methods that improve data encryption effectiveness.
Embodiments of the present disclosure provide a general framework to fortify data encryption effectiveness for both existing and future data encryption methods. It uses evolutionary, well-understood, and long-accepted methods. This fortification is important because existing data encryption standards have never been proven mathematically secure. Moreover, forthcoming international encryption standards intending to withstand Quantum Computer Superposition attacks are also not mathematically proven secure, despite them using advanced, complex, mathematic methods incomprehensible to most people.
It follows that a prudent, conservative working assumption is that mathematics-based encryption methods are inherently cryptographically insecure, perhaps due to mathematical complexity cloaking fatal, esoteric vulnerabilities determined attackers may discover and clandestinely exploit for decades.
To address this potentially existential vulnerability, the United States National Institute of Standards and Technology (NIST) recommends (1) any in-use encryption standard be fortified with another Quantum-Resistant standard in a hybrid data encryption model and (2) should an in- use encryption standard prove insecure, users should exhibit Crypto-agility. Here, Crypto-agility means users should immediately transition to another standard method.
Unfortunately, these recommendations may prove completely infeasible in practice. For example, there is evidence hostile nation states are presently capturing, and will continue to capture, encrypted data in the hope of later decrypting it with future, novel decryption attack methods. This is commonly known as the Harvest Now, Decrypt Later (HNDL) strategy. However, if an in-use data encryption scheme proves to be insecure, encrypted HNDL-captured data that broken encryption method previously protected becomes vulnerable to the now-recognized decryption attack, even though a data owner had Crypto-agility. Worse, the attacker may have exploited the attack for years, if not decades.
Embodiments of the present disclosure teach that existing traditional and future, supposedly Quantum-Safe, data encryption methods are mathematics based. Regrettably, complex, advanced mathematics leaves them vulnerable to surprisingly novel mathematical decryption attacks, perhaps using novel, emerging computing architectures that can include forthcoming Quantum Computing technologies, Artificial intelligence, or combinations thereof.
An effective solution for this vulnerability is to fortify standards-based encrypted data that existing and future data encryption methods produce by obfuscating their output. This complementary fortification is effectively achieved by obfuscating encryption output in ways that result in mathematical Barren Plateau results. Such mathematical Barren Plateaus defy patternicity, periodicity, and predictability analysis that Artificial Intelligence, Machine Learning, and Quantum Computer Superposition systems can perform. Hence, by eliminating all patternicity, periodicity, and predictability in obfuscated data, Barren Plateau results protect encrypted data and general data privacy.
The present disclosure describes an efficient and effective framework to obfuscate source data in ways that generate mathematical Barren Plateau output. Because this framework only uses simple arithmetic, it is immune to traditional mathematical attacks on first principles. Specifically, this framework has Deterministic Chaos foundation rather than a mathematics foundation. It uses evolutionary, long-standing methods than have been accepted practice for decades, one for centuries.
Brief Description of the Drawings
FIG. 1 depicts hardware bit-level terminology in accordance with embodiments of the present disclosure.
FIG. 2 depicts the disclosed framework produces Barren Plateau obfuscated data using the data values a multiplicity of entropy value generators provide. FIG. 3 depicts an example sequence for framework processes to produce Barren Plateau obfuscated data.
FIG. 4 depicts the contents of an example computer memory buffer containing data created by framework obfuscation processes prior to a Unit relocation process.
FIG. 5 depicts an in-progress Unit relocation operation using Unit swapping rather than Fisher-Yates shuffling.
Detailed Description
As is commonly accepted, FIG. 1 illustrates that a computer memory data Byte 100 contains eight individual bits. In this example, the high-order Byte 100 bit 110 is referred to as byte 100 bit 0. Similarly, the low-order Byte 100 bit 117 is referred to as Byte 100 Bit 7. Other data bits are similarly referred to using their relative position from their Byte 100 high-order bit 110 position. For example, Byte 100 bit 3 113 is three positions away from Byte 100 bit 110.
FIG. 1 illustrates that, like all computer memory data bytes, computer memory data Byte 120 has two non-overlapping 4-bit fields 130 and 131 that are commonly called Nibbles. The high- order 4-bit Nibble field 130 is referred to as Byte 120 Nibble 0. The low-order 4-bit Nibble field 131 is referred to as Byte 120 Nibble 1.
FIG. 1 illustrates that, like all computer memory data bytes, a computer memory data Byte 140 has four non-overlapping 2-bit fields 150, 151, 152, and 153. This example refers to such a 2- bit field as a Dribble. The high-order 2-bit Dribble field 150 is referred to as Byte 140 Dribble 0. The next, adjacent 2-bit Dribble field 151 is referred to as Byte 140 Dribble 1. The next, adjacent 2-bit Dribble field 152 is referred to as Byte 140 Dribble 2. The low-order 4-bit Dribble field 153 is referred to as Byte 120 Dribble 3.
FIG. 2 illustrates an embodiment example that obfuscates input data 200 by utilizing high- entropy values produced by a multiplicity of Entropy Value Generators 210. The example uses them in three independent ways: (1) For optional data encryption 310, (2) For garbage value stuffing 340 when Unit Equalization is not in effect, and (3) For bit Unit relocation 350 processes.
An obfuscation method 220 reads the input data 200 and the entropy values produced by the multiplicity of Entropy Value Generators 210, enabling the obfuscation method 220 to generate Barren Plateau obfuscated output data 230 from the input data 200.
The scope of the present disclosure considers that the nature of input data 200 is unconstrained. It can be unencrypted plaintext data, encrypted data, compressed data, encrypted compressed data, and so forth. Input Data 200 can be all of a data file or transmission message, or a portion of them.
If the input data 200 was previously encrypted, it may not require further encryption. However, this example describes high performance, lightweight encryption methods that can fortify input data 200 encryption. This enables this example to fortify standardized data encryption methods within a hybrid data encryption model recommended by NIST.
The multiplicity of Entropy Value Generators 210 supply high entropy, true random values and/or high entropy, pseudo random values on demand to obfuscation method 220. Entropy Value Generators 210 can also generate random values by combining true random values with pseudo random values in numerous ways known to practitioners skilled in the art. The Entropy Value Generators 210 can be configured or initialized by using an algorithmic means to sample and algorithmically combine source data values of any type to produce said Entropy Value Generators 210 configuration specifications and initialization values.
For best results, Entropy Value Generators 210 should operate independently and opaquely, never revealing their construction, operations, or internal states.
One Entropy Value Generators 210 embodiment consists of a multiplicity of arbitrary numbers of pseudo random generators of a multiplicity of pseudo random generator types. These pseudo random number generators are individually constructed, initialized, and “warmed up” using an arbitrarily and sufficiently large initialization vector. This allows this example to avoid requiring a traditional key, though a traditional key or multiplicity of keys can be optionally used to construct the initialization vector.
When keys or other types of random values are used to construct the initialization vector, practitioners skilled in that art appreciate that they can be generated in many ways, including using Quantum Mechanical and physical phenomena as well as Entropy as a Service means.
It is to be understood that whatever values are supplied by Entropy Value Generators 210 to obfuscation method 220 must be available and presented in the same order to subsequent deobfuscation methods that reverse obfuscation method 220 process outcomes. This requires saving, or otherwise retaining, the true random values Entropy Value Generators 210 provide to obfuscation method 220.
By definition, pseudo random values Entropy Value Generators 210 provide to obfuscation method 220 can be (and must be) recreated on demand for input data 200 reconstruction. There is a de-obfuscation performance advantage in providing any process with its own, independent Entropy Value Generators 210. Finally, Entropy Value Generators 210 can be hardware based, software based, or a hybrid of both.
Succinctly stated, any true random number values Entropy Value Generators 210 provide to obfuscation method 220 must be persistent, immutable, and available to subsequent methods that recover original input data 200 from obfuscated input data 230. Similarly, the means Entropy Value Generators 210 use to generate pseudo random number values to provide to obfuscation method 220 must all be available on demand for de-obfuscation.
FIG. 3 depicts the obfuscation process this example uses. Not all steps, such as encryption, are required. Moreover, some example embodiments may use a given type step more than once and employ their use in a different order than depicted.
The process starts at 300 which immediately advances to an optional encryption process 310 that may be unnecessary, particularly if input data 200 is already securely encrypted. Note that following discussion presents novel, high-performance encryption methods covered by this example’s scope.
Step 320 involves required Unit expansion determination.
The present disclosure describes dividing data byte sequences into independent groups of bits that are non-overlapping and collectively exhaust all bits in a sequence. This process is known as fractionization to practitioners skilled in the art.
For performance reasons, Units optionally, but preferably, all have the same fixed size. When using fixed size Units, the number of bits in a Unit is referred to as its Unit size. Some steps can use variable-sized Units though this can negatively degrade performance. Keeping Unit size disguised improves obfuscation strength and its effects leave few hints of its value.
Suppose an obfuscation method 220 process elects to use a 3-bit fixed Unit size and that it will obfuscate 100 input data 200 bytes - 800 total data bits. This example requires the total data bits to be evenly divisible by both the value 8 and the Unit size value. Since, 800 is not evenly divisible by 3, a number of bytes must be added to input data 200 to make the total number of bytes divisible by both 3 and 8. The general formula is:
Number of Bytes to Add - ( (n - (Count modulus n )) modulus n) (Equation 1) where n is the value of the Unit size (for this example, n = 3) and Count is the number of input data bytes 200 (for this example, Count = 100). Thus:
Number of Bytes to Add = ( (3 - (100 modulus 3)) modulus 3) (Equation 2)
= ( O - (D) modulus 3) (Equation 3)
= ( (2) modulus 3) (Equation 4)
= 2 (Equation 5)
Thus, for this specific embodiment example, the Unit expansion required is 2 bytes, causing the input data 200 to increase in size by 2 bytes. The values used to perform this expansion are not important. However, it is to be understood that a de-obfuscation process must always know that the original input data 200 size (100 bytes).
It is to be understood that uniform Unit sizes of 1, 2, 4, and 8 bits provide better performance for a number of reasons. For example, when using these Unit sizes, no Unit spans two input data 200 bytes and no Unit expansion is required. Moreover, using these Unit sizes can provide output size reduction advantages for other obfuscation method 220 steps.
Now that input data 200 has potentially been expanded to conform to Unit size requirements, the framework optionally performs a Fixed-Size Unit Count Equalization process 330. This process conducts an inventory of the value of Units in input data 200 and its possible expansion bytes.
Assume the Unit size value is fixed at 2, meaning each Unit has 2 bits. This Unit size requires no input data expansion. Since each Unit in this embodiment example is two bits in size, four Units fit in a single byte. Hence, if input data 200 contains 100 bytes, and since no expansion is required, there are 4 * 100 total Units, or 400 Units. Each Unit contains two bits, allowing each Unit to have one of four binary values: ObOO (0), ObOl (1), OblO (2), and Obi 1 (3).
To perform a Unit value inventory, process logic examines each Unit’s binary value and increments an associated counter that was initialized to a zero value. The Unit associated with the value ObOO (0) will increment CounterO. The Unit associated with the value ObOl (1) will increment Counter 1. The Unit associated with the value OblO (2) will increment Counter2. The Unit associated with the value Obi 1 (3) will increment Counter3.
When the Unit value inventory is complete, adding the four counter values should produce a sum of 400 in this example. Let V0, VI, V2, and V3 be the four final counter values. These values are all likely different, unpredictably varying between zero and the total number of Units involved. However, at least one will be a maximum value. Alternately, a multiplicity of counters will have the same maximum value. Let M stand for this maximum value.
Assume CounterO has this ending maximum inventory Unit count value.
Now compute:
D1 = M - V1 (Equation 6)
D2 = M - V2 (Equation ?)
D3 = M - V3 (Equation s)
In this example, the difference value DI indicates how many fewer times the Unit value ObOl (1) appeared than the maximum M times the Unit value ObOO (0) appeared. The difference value D2 indicates how many fewer times the Unit value Ob 10 (2) appeared than ObOO (0) appeared. The difference value D3 indicates how many fewer times the Unit value 0b 11 (3) appeared than the Unit value ObOO (0) appeared.
Now, append DI Units having the Unit value ObOl (1) to input data 200 to expand the size of input data 200 (assuming DI does not have a zero value). Now, append D2 Units having the Unit value 0b 10 (2) to input data 200 to further expand the size of input data 200 (assuming D2 does not have a zero value).
Now, append D3 Units having the Unit value Obi 1 (3) to input data 200 to further expand the size of input data 200 (assuming D3 does not have a zero value).
The process has now appended DI + D2 + D3 Units to the input data 200. It is mathematically provable that the sum of DI + D2 + D3 is divisible by 4, hence, an integral number of bytes have been appended to input data 200. Moreover, in this new, larger byte sequence, each of the Unit types appears an equal number of times, hence the step 330 Equalization process designation. Note that if the unit size was 1, a byte-aligned result may require appending 1, 2, or 3 bit pairs with the value ObOl to completely fdl an integral number of bytes while preserving unit equalization.
It is to be understood that the number of Units required to achieve Equalization is generally unpredictable until it is determined. It can range from zero to increasing the data Units by a factor of three (for a 2 -bit Unit size).
Step 330 is now complete and control passes to step 340.
Step 340 optionally further appends garbage bytes that preserve Unit Equalization. If Unit Equalization is not in effect, any garbage value suffices.
In this example that uses a 2 -bit Unit size, appending the binary byte value ObOOOl 1011 (OxlB in hexadecimal) uniformly increases the number of times each Unit value appears. Moreover, this value can be appended an unconstrained number of times in order to increase the byte count up to any desired value. This can be useful for improving the efficiency and effectiveness of step 350. Step 340 is now complete and control passes to step 350.
Step 350 randomizes each Unit’s value within the obfuscated input data 230 using random, or pseudo random values Entropy Value Generators 210 provide. In one example embodiment, Unit relocation placement locations can be achieved using the widely known Fischer-Yates shuffle algorithm appreciated by practitioners skilled in the art. To increase final randomness, shuffling can occur a multiplicity of times using random values entropy value generators 210 provide. Additionally, the Fischer-Yates shuffle direction can be randomly determined for each independent shuffle operation.
In a different embodiment, random relocation is achieved by beginning at one end of the total data sequence needing Unit relocation and progressing Unit-by-Unit to the other end. The direction can be randomly determined using random, or pseudo random values that entropy value generators 210 provide. At each progressive source Unit location, random, or pseudo random values that entropy value generators 210 provide can be used to identify a target Unit that relocation logic can swap the target Unit value with the current source Unit value.
There are many Unit relocation schemes and this this example’s scope is meant to encompass them all. For example, an additional Optional Bit Unit Relocation 350 operation may precede an Optional Encryption 310 operation.
Set 350 is complete and control now passes to step 360.
Step 360 optionally divides the obfuscated input data 230 into a randomly determined multiplicity of independent, mutually exclusive, and collectively exhaustive byte sequences. This division does not necessarily require performance degrading data movement. The division process allows step 370 to perform final disposition of the obfuscated input data 230 using an out-of-order byte-sequence presentation of the obfuscated input data 230 consuming recipient that could be a transmission resource, permanent storage, etc. This may involve scatter-gather logic (also referred to as vectored TO) with a randomized size and randomized order determined by using random, or pseudo random values that entropy value generators 210 provide. Step 370 is now complete and the obfuscation method ends when control passes to termination block 380.
FIG. 4 depicts an embodiment’ s computer memory buffer used by obfuscation method 220.
In FIG. 4, a memory buffer 400 receives input data 200, placing it in location 410. To fortify a previous encryption, this input data may require encryption step 310. Note that the size of embodiment example memory buffer 400 is 64, a power of 2 (26). This exact size allows high performance modulus calculations for entropy values Entropy Value Generators 210 provide by XORing the value 0x003F with the entropy values. Using Units with a bit-size of 2 allows one- byte garbage stuffing values that can assist in expanding any buffer to a size that is a power of 2, thereby accelerating obfuscation performance.
Depending on the selection of the Unit size value, input data 200 may also require Unit expansion determined in step 320. If so, required Unit size expansion 320 generates additional Units that are appended to input data 410 in memory buffer 300, requiring the additional Unit space in location 420. The data values to effect this expansion are not important.
Step 330 creates Unit Equalization values 330 that are appended to Unit size expansion 420 Units and placed in location 430.
Step 340 performs optional garbage stuffing that preserves Unit Equalization counts and is placed in 440. Note that if Unit Equalization is not in effect, garbage stuffing can use any garbage values.
Garbage stuffing step 340 can enable the final data sequence in memory buffer 400 to increase to any arbitrary size, depending on Unit size. It is to be understood that the described equalization step 330 and garbage stuffing 340 step can similarly be used to further obfuscate the Pseudo Random Numbers produced by Entropy Value Generators 200 and used in Obfuscation Method 220. This may reduce or otherwise obviate the need to equalize a garbage stuffed ciphertext.
Step 350 randomly relocates Unit values located in memory buffer 400 at collective locations 410, 420, 430, and 440.
The obfuscated input data 230 now represents a data sequence that is a mathematical barren plateau. This sequence has the same number of 0-value bits as 1-value bits. Moreover, because the embodiment example selected an example 2 -bit Unit size, Unit Equalization ensures there is the same number of Units with ObOO, ObOl , Obl O, and Obl l values. Finally, the equalized data sequence is randomly scrambled on a Unit basis, preserving Equalization benefits.
Hence, in this embodiment example that uses a fixed, 2 -bit Unit size, attackers must first determine how many equalized Barren Plateau ObOO, ObOl, OblO, and Obl l values existed in the original or encrypted input data 200. They must then assemble them in the correct order even though the Unit relocation process is unknown to them and not detectable from the obfuscated input data 230. Next, they must correctly decrypt the fortifying encryption as well as the initial encryption without guidance.
It is to be understood that a simple 34-byte final sequence can appear in as many ways as there are believed to be atoms in the observable universe (IO80 atoms). By construction, this reduces any attack to a brute force attack that likely proves futile.
Moreover, this method encourages cognitive bias pareidolia errors, leading attackers to believe they detect exploitable patterns in random data. Note that pareidolia is a apophenia variant, a more general term for the human tendency to seek patterns in random data.
It is important that, after great effort and expense, attackers reluctantly realize they are marooned in a vast, featureless, digital expanse of digital noise - an authentic mathematical Barren Plateau.
Finally, FIG. 4 illustrates that fields 410, 420, 430, and 440 are sequentially positioned in memory buffer 400. Because field 430 may have easily recognizable data patterns, attackers can identify fields 410 and 420. Hence, it is important to randomly relocate memory buffer 400 Units in order to prevent this.
FIG. 5 illustrates the difference between Fischer-Yates Unit shuffling operations and Unit swapping operations. With Fischer-Yates shuffling, shuffling proceeds in one direction or the other with relocation never occurring behind the current source Unit position. With swapping, replacement can occur in either direction (in front or behind) with respect to the current source Unit location.
FIG. 5 depicts a computer memory buffer 500 that contains an embodiment example 64 3- bit Units ranging in value from 0 to 7. The first Unit, Unit 0 510 contains a value of 3. Unit 19520 contains a value of 0. Unit 37 530 contains a value of 7. Unit 38 540 contains a value of 4. The last of the 64 Units, Unit 63 550, contains a value of 6.
The selected direction for sequentially identifying source Units is from left-to-right. In FIG. 5, the current sequentially selected source Unit position is Unit 37530. Relocation swapping logic requests and receives a random entropy value from the Entropy Value generators 210 with a value of 42003. Since computer memory buffer 500 has 64 Units, 42003 modulus 64 results in a value of 19. Hence Unit 19 520 is selected as the pseudo random number (PRN) swap target Unit. Relocation logic therefore sets the Unit 19520 value to Unit 37 530 value (7) and the Unit 37 530 value to the Unit 19 520 value (0). The currently selected source Unit pointer next advances left- to-right to the next Unit, Unit 38 540 and the swapping process continues until Unit 63 550 has been swapped.
It is to be understood that a source Unit’s value remains unchanged if it is selected as both the source Unit and the target Unit. In addition, obfuscation method 220 can use Fischer- Yates shuffling, Unit swapping, or interleave both a multiplicity of times determined by values entropy value generators 210 provide.
Finally, if obfuscation method 220 encrypts input data 200 in step 310, the encryption can use values entropy value generators 210 provide to perform encryption. Lightweight, high performance obfuscation method 220 encryption could use Vernam (One Time Pad) encryption to produce ciphertext with computed Shannon Perfect Secrecy. Here, there is significant advantage in ensuring that the values entropy value generators 210 provide are computationally indistinguishable from true random numbers.
Alternately, lightweight, high performance obfuscation method 220 encryption could perform Unit-size carry-less addition, reminiscent of Caesar Cipher encryption except the encrypting addends are random values. There are no restrictions on the encryption method or method multiplicities obfuscation method 220 can use.
It is noteworthy that lightweight encryption can be totally effective when followed by Unit Equalization 330 and optional bit Unit relocation 350 that generate obfuscated input data 230 that can enjoy maximum possible entropy, unsurpassed bit stream fractionation, and unsurpassed bit dispersion.
It is to be understood that if obfuscation method 220 uses a Unit size encryption approach, the selected encryption Unit size is independent of the Unit size used for Unit Equalization 330 and Optional Bit Unit relocation 350.
De-obfuscation processes must have access to the size of input data 200, as well as all entropy values used by the obfuscation method 220. The de-obfuscation reverses each obfuscation operation in the reverse order in order to recover the input data 200. This present description discloses a multiplicity of novel data obfuscation methods. Various combinations of hardware and software components can instantiate derivative embodiments in numerous ways. The spirit of this present description is meant to encompass all such derivative embodiments.
As one example derivative embodiment, when Unit Equalization is in effect, shuffling and swapping operations can proceed using a multiple of the Optional Fixed-Size Unit Count Equalization Unit 330 Unit size during their operations. This beneficially preserves Unit Equalization construction and beneficially increases shuffling and swapping operation performance at the adverse effect of reducing equalized Unit dispersion.
A second example derivative embodiment, the previously described Optional Fixed-Size Unit Count Equalization 330 increases, up to three times, the sum of Optionally Encrypted Input Data 410 and Required Unit Size Expansion 420. This perfect Equalization expansion can be prohibitively large. Hence, it may be desirable to allow expansion only up to a selected threshold value that exceeds the sum of Optionally Encrypted Input Data 410 and Required Unit Size Expansion 420. The value of this threshold can be determined in any way.
One method to achieve this threshold goal considers the Unit inventory count values the Optional Fixed-Size Unit Count Equalization 330 step computes. Here, sub-optimal, alternative Equalization logic can repeatedly append bytes to Optionally Encrypted Input Data 410 and Required Unit Size Expansion 420. These bytes would contain Unit values associated with underrepresented Units, beginning with the most underrepresented Unit and progressing to the next Unit type. This continues until the total number of bytes equals the threshold.
Specifically, in the Optional Fixed-Size Unit Count Equalization 330 step, each Unit type has an associated final Unit inventory count. One (or more) of them is a minimum inventory count value. To simplify discussion, assume a Fixed Unit size of 2 and that Unit inventory counts are all different.
Initially, Equalization logic can repeatedly increase the minimum Inventory count value in multiples of 4 Units, each having the associated Unit value of the minimum count value. These four Units collectively occupy a single byte that is appended to the data 410 and 420. This repeated incremental increase continues until (1) the new total byte count equals the threshold value or (2) the incremented minimum Inventory Unit count approximately equals the second smallest original Inventory count value. In practice, sometimes only general approximation is possible. If the total byte threshold has not been reached, the Equalization logic increases by two the Unit inventory counts for the both the Units that originally had the minimum and the next-larger value and appends a byte containing two units of each type. This repeatedly appended type byte has two Unit values for one Unit, and two Unit values for the other. This increases the total byte count by one for each increment operation and leaves the incremented Unit counts for the two Unit types approximately equal.
This continues until (1) the total associated byte count equals the threshold value or (2) the new counts of the Units originally associated with the minimum and next to minimum inventory counts approximately equal the second largest original Unit inventory count value.
Equalization logic can continue cumulatively appending bytes to data 410 and 420 containing a mixture of Unit values of all three of these previously underrepresented Units in groups of four until the total byte threshold is reached. Each mixture appended increments the three associated inventory counts appropriately.
Eventually, the total byte count threshold is equaled and the Equalization process finishes. While, this does not provide perfect Unit Equalization, it does allow the total bye count to reach a desired threshold which may be a beneficial power of two. Moreover, this described process beneficially potentially combines the optional Unit Count Equalization 330 step and the Optional Garbage Stuffing 340 step.
A third derivative embodiment example can conduct a Unit inventory and then append constructed equalization values that intentionally over represent selected Unit types in the final Obfuscated Input Data 230.
In summary, embodiments of the present disclosure are generally directed to a general obfuscation framework with novel methods that can have many derivative variations. The spirit of this description is meant to cover all of them.
Correctly conducted, each variation type has different advantages and tradeoffs. Compared to traditional methods, Barren Plateau Data Obfuscation implementations provide significant standard encryption fortification exhibiting unsurpassed: (1) impenetrability (2) performance (multi-core, thread safe, reduced computations and memory references), (3) crypto-agility (every obfuscation is different), (4) scalability (efficient, pure software implementations are feasible for edge-to-cloud deployments), (5) secrecy (exceeds Shannon Perfect Secrecy), (6) entropy (exceeds maximum possible Shannon Information Secrecy), (6) compactness (no padding required), (7) sustainability (selectable unit size and scrambling levels can preserve computational energy), (8) unconstrained antifragility (increased injected entropy increases encryption strength), and (9) simplicity (enables complete methodology source code transparency).
Decryption methods must be able to (1) identify original Input Data 200 size (2) be able to reconstruct correctly initialized Entropy Value Generators 210 (3) operate Entropy Value Generators 210 identically.
The present disclosure provides many embodiment variations. Consequently, varying applications can integrate these embodiment variations in a multiplicity of ways.
For example, the current, industry-standard Secure Socket Layer (SSL) and its successor Transport Layer Security (TLS) are cryptographic protocols intended to provide communication security over computer networks. These protocols conduct intricate “handshake” processes that exchange multiple messages in order to generate (1) bulk data encryption keys and (2) Message Authentication Code (MAC) keys.
Practitioners skilled in the art appreciate that the Internet Assigned Numbers Authority (IANA) enumerates a multiplicity of standardized SSL/TLS Cipher Suites. These Cipher Suites provide a means to establish encryption and MAC keys.
Unfortunately, some of these Cipher Suites (such as Cipher Suites relying on RSA and Diffie-Hellman methods) are widely considered to be vulnerable to Quantum Computer attacks that completely compromise their security and integrity. Hence, such Quantum Computer attacks threaten the keys these SSL/TLS Cipher Suites generate. However, the effort for global enterprises to replace vulnerable SSL/TLS Cipher Suites can be significant, expensive, and involve many years.
Embodiments of the present disclosure provide an expedient means to obfuscate vulnerable SSL/TLS encryption key and MAC values and transform them into new keys with new values. The new, obfuscated key values can replace the vulnerable “handshake” derived encryption and integrity verification key values, thereby providing communication sessions protection from Quantum Computer decryption attacks.
Achieving enhanced security and integrity improvement by modifying session encryption and MAC key values is possible (as one embodiment example) by providing out-of-transmission- band, obfuscation guidance after SSL/TLS protocol completion. This guidance could involve (as an example) a multiplicity of Multi Factor Authentication (MFA) means. Achieving enhanced security and integrity improvement by modifying session encryption and MAC key values can also be accomplished during the handshake process. Modifying keys during the handshake process potentially requires a SSL/TLS protocol modification to acknowledge key value transformation before protocol “FINISHED” message exchanges.
Alternately, following SSL/TLS protocol completion, using high-performance methods described in this present description, an established session can obfuscate plaintext transmission data before requesting its transmission.
Aspects of the disclosure may operate on particularly created hardware, firmware, digital signal processors, or on a specially programmed computer including a processor operating according to programmed instructions. The terms controller or processor as used herein are intended to include microprocessors, microcomputers, Application Specific Integrated Circuits (ASICs), and dedicated hardware controllers. One or more aspects of the disclosure may be embodied in computer-usable data and computer-executable instructions, such as in one or more program modules, executed by one or more computers (including monitoring modules), or other devices. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types when executed by a processor in a computer or other device. The computer executable instructions may be stored on a computer readable storage medium such as a hard disk, optical disk, removable storage media, solid state memory, Random Access Memory (RAM), etc. As will be appreciated by one of skill in the art, the functionality of the program modules may be combined or distributed as desired in various aspects. In addition, the functionality may be embodied in whole or in part in firmware or hardware equivalents such as integrated circuits, FPGA, and the like.
Particular data structures may be used to more effectively implement one or more aspects of the disclosure, and such data structures are contemplated within the scope of computer executable instructions and computer-usable data described herein.
The disclosed aspects may be implemented, in some cases, in hardware, firmware, software, or any combination thereof. The disclosed aspects may also be implemented as instructions carried by or stored on one or more or computer-readable storage media, which may be read and executed by one or more processors. Such instructions may be referred to as a computer program product. Computer-readable media, as discussed herein, means any media that may be accessed by a computing device. By way of example, and not limitation, computer- readable media may comprise computer storage media and communication media.
It will be appreciated that variants of the above-disclosed and other features and functions, or alternatives thereof, may be combined into many other different systems or applications.
Various presently unforeseen or unanticipated alternatives, modifications, variations, or improvements therein may be subsequently made by those skilled in the art.

Claims

Claims
1. A computer-implemented method of obfuscation, comprising: applying an optional encryption process unless input data is already securely encrypted; applying a Unit expansion determination; applying an optional fixed-size Unit count Equalization; applying an optional garbage stuffing process that includes appending garbage bytes that preserve Unit Equalization; applying an optional bit unit relocation process that includes randomizing each Unit’ s value within obfuscated input data using random, or pseudo random values that Entropy Value Generators provide; applying an optional PRN division process that includes dividing the obfuscated input data into a randomly determined multiplicity of independent, mutually exclusive, and collectively exhaustive byte sequences; and performing a final disposition of the obfuscated input data using an out-of-order bytesequence presentation of the obfuscated input data consuming recipient.
2. The computer-implemented method of claim 1, further comprising: using SSL/TLS encryption key and MAC key obfuscation to generate new key values.
3. The computer-implemented method of claim 2, further comprising: using Multi Factor Authentication (MFA) to provide SSL/TLS key obfuscation guidance or obfuscation parameters.
4. The computer-implemented method of claim 1, further comprising: performing a Unit expansion based on Unit size for unit size divisibility.
5. The computer-implemented method of claim 1, further comprising: performing an optional high performance, lightweight encryption as an obfuscation precursor step to the equalization, garbage stuffing, or relocation steps.
6. The computer-implemented method of claim 1, further comprising: using Modified Caesar Cipher lightweight encryption by using pseudo random values as addend values.
7. The computer-implemented method of claim 1, further comprising: using equalization padding that allows increasing or decreasing relative Unit count ratios.
8. The computer-implemented method of claim 1, further comprising: using Garbage Stuffing that optionally preserves existing Unit Equalization count ratios.
9. The computer-implemented method of claim 1, further comprising: using equalization and garbage stuffing Unit expansion to a collective size that is a power of 2 for perfect, high performance modulus calculations using Boolean AND operations.
10. The computer-implemented method of claim 1, further comprising: performing the Unit relocation before encryption.
11. The computer-implemented method of claim 1, wherein the fixed-size Unit count Equalization and the garbage stuffing process can be used to further obfuscate the Pseudo Random Numbers produced by the Entropy Value Generators.
12. The computer-implemented method of claim 11, wherein obfuscating the Pseudo Random Numbers produced by the Entropy Value Generators may reduce or otherwise obviate the need to equalize a garbage stuffed ciphertext.
13. The computer-implemented method of claim 1, further comprising: configuring or initializing the Entropy Value Generators by using an algorithmic means to sample and algorithmically combine source data values of any type to produce said Entropy Value Generators configuration specifications and initialization values.
14. One or more non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to perform the computer- implemented obfuscation method of claim 1.
15. A computer-implemented method, comprising segmenting data and storing or transmitting the data segments out of order to a data storage or transmission means.
16. The computer-implemented method of claim 15, wherein the storing or transmitting the data segments out of order to a data storage or transmission means comprises: storing or transmitting the data segments out of order to the data storage or transmission means using scatter gather Input/Output (I/O) logic.
PCT/US2024/027848 2023-05-05 2024-05-03 Unconstrained barren plateau data obfuscation Pending WO2024233394A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202363500433P 2023-05-05 2023-05-05
US63/500,433 2023-05-05

Publications (1)

Publication Number Publication Date
WO2024233394A1 true WO2024233394A1 (en) 2024-11-14

Family

ID=93431061

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2024/027848 Pending WO2024233394A1 (en) 2023-05-05 2024-05-03 Unconstrained barren plateau data obfuscation

Country Status (1)

Country Link
WO (1) WO2024233394A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150278491A1 (en) * 1999-07-29 2015-10-01 Intertrust Technologies Corporation Software self-defense systems and methods
KR20170067133A (en) * 2015-12-07 2017-06-15 더 보잉 컴파니 Hardware assisted fast pseudorandom number generation
US20210097154A1 (en) * 2018-03-26 2021-04-01 Data Signals Limited Method and apparatus for data obfuscation
WO2021247766A1 (en) * 2020-06-05 2021-12-09 William David Schwaderer Shapeshift data encryption methods and systems
US11455409B2 (en) * 2018-05-21 2022-09-27 Pure Storage, Inc. Storage layer data obfuscation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150278491A1 (en) * 1999-07-29 2015-10-01 Intertrust Technologies Corporation Software self-defense systems and methods
KR20170067133A (en) * 2015-12-07 2017-06-15 더 보잉 컴파니 Hardware assisted fast pseudorandom number generation
US20210097154A1 (en) * 2018-03-26 2021-04-01 Data Signals Limited Method and apparatus for data obfuscation
US11455409B2 (en) * 2018-05-21 2022-09-27 Pure Storage, Inc. Storage layer data obfuscation
WO2021247766A1 (en) * 2020-06-05 2021-12-09 William David Schwaderer Shapeshift data encryption methods and systems

Similar Documents

Publication Publication Date Title
EP2852089B1 (en) Data protecting apparatus and method thereof
KR101345083B1 (en) Encryption protection method
US10320554B1 (en) Differential power analysis resistant encryption and decryption functions
US8428251B2 (en) System and method for stream/block cipher with internal random states
US9143317B2 (en) Protecting against white box attacks using column rotation
US9515818B2 (en) Multi-block cryptographic operation
US20060126843A1 (en) Method and apparatus for increasing the speed of cryptographic processing
CN107147487B (en) Symmetric key random block cipher
CN113940028A (en) Method and device for realizing white-box password
CN1672352A (en) Advanced encryption standard (AES) hardware cryptographic engine
US9425959B1 (en) Security variable scrambling
WO2012132623A1 (en) Encryption processing device, encryption processing method, and programme
KR101119933B1 (en) Permutation Data Transformation to Enhance Security
Abd Ali et al. Novel encryption algorithm for securing sensitive information based on feistel cipher
KR101143041B1 (en) Stream cipher design with revolving buffers
CN117411618B (en) Key generation method, device and encryption method used in international competitions
CN115730296A (en) Secure Execution of Cryptographic Procedures
WO2024233394A1 (en) Unconstrained barren plateau data obfuscation
RU2503135C1 (en) Method for cryptographic transformation of information and apparatus for realising said method
Shete et al. Image encryption using AES algorithm: study and evaluation
Liu et al. iCETD: An improved tag generation design for memory data authentication in embedded processor systems
Rasna et al. Comparison of Security Signing Data Authentication Integrity in Combination of Digest And AES Message Algorithm
Tun et al. Message Security using One Time Pad and AES Hybrid Cryptography
Essam Augmented Image Encryption for Business Applications using Jigsaw Transform
Huang et al. The Unified Operation Structure for Symmetric-Key Algorithm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24804050

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE