Skip to main content

Technology Transfer Office
11 Rope Ferry Road #6210
Hanover, NH 03755-1404
Phone: (603) 646-3027
Fax: (603) 646-3670
E-Mail: technology.transfer@dartmouth.edu
 

A Technology and Process for Encrypted Execution of Encrypted Programs

The focus in most modern encryption technology has been on the encryption of data and programs "in transit" between trusted computers within a network. An eavesdropper or interceptor of the data would have difficulty interpreting the encrypted data if the cryptosystem used has been soundly designed using techniques accepted as state-of-the-art today. However, if a computer in such a network has been compromised (hacked into or physically controlled by an adversary for example), then the encrypted information can in general be decrypted and semantically understood by an adversary. In fact, the cryptographic key is stored on the compromised computer because the data must be decrypted to be useful in a traditional computation.

We have invented a new technology for executing encrypted programs in their encrypted forms, without having to resort to decryption first. The method is mathematically sound in the sense that any two encrypted programs of the same size will have identical statistics, making them completely undecipherable in a strong mathematical sense. The data on which these programs operate can be in encrypted form as well.

The techniques used include: representations of computer programs as reversible or quantum computations (applicable to every Turing program with a bounded number of operations), mathematical and statistical properties of Haar distributions over the group of unitary matrices and the efficient generation of unitary matrices drawn from the Haar distribution.

The "key" for such an encryption is based on a number used as a seed to generate independent Gaussian variables. This key is sufficient to encrypt and decrypt the program and input/output data. The key itself can be communicated in encrypted form using some form of PKI such as the RSA algorithm or other approaches including DES and its variants.

The technique in its current form can be implemented for small programs but additional research and development is required to make the method feasible for large, complex programs written for example in Java, VBS or other distributed computing programming languages. These findings are claimed in issued United States Patent No. 7,296,163. Dartmouth is seeking an industrial partner who is interested in their further refinement and commercialization.
(Ref: J130)

Last Updated: 7/24/12