Search

US-12627472-B2 - Data transmission using lattice-based encryption

US12627472B2US 12627472 B2US12627472 B2US 12627472B2US-12627472-B2

Abstract

Disclosed herein are various embodiments for providing data transmission using lattice-based encryption. An embodiment operates by receiving a request from a client device and generating a lattice-based private key and a lattice-based public key in response to receiving the request. The lattice-based public key is transmit to the client device. An encrypted symmetric private key is received, wherein the encrypted symmetric private key is encrypted using the lattice-based public key. The encrypted symmetric private key is decrypted using the lattice-based private key. An encrypted payload data transmitted by the client device is received and decrypted using the symmetric private key.

Inventors

  • Srinivasan Rangaraj

Assignees

  • CAPITAL ONE SERVICES, LLC

Dates

Publication Date
20260512
Application Date
20230522

Claims (18)

  1. 1 . A computer-implemented method for encrypting payload data, the method comprising: receiving a request from a client device; generating a lattice-based private key and a lattice-based public key in response to receiving the request; transmitting the lattice-based public key to the client device using a transport layer security (TLS) communication pathway; receiving an encrypted symmetric private key over the TLS communication pathway, wherein the encrypted symmetric private key is encrypted using the lattice-based public key; wherein the lattice-based public key is transmitted using a first transportation layer security communication and the encrypted symmetric private key is received using a second transportation layer security communication; decrypting the encrypted symmetric private key using the lattice-based private key; receiving double-encrypted and noise-obfuscated payload data transmitted by the client device via the TLS communication pathway, wherein the payload data is double-encrypted using the symmetric private key and the lattice-based public key and noise-obfuscated by adding noise to the payload data; and decrypting the double-encrypted and noise-obfuscated payload data using the symmetric private key and the lattice-based private key and by ignoring the noise.
  2. 2 . The computer-implemented method of claim 1 , wherein the request is transmitted using Hypertext Transfer Protocol Secure (HTTPS).
  3. 3 . The computer-implemented method of claim 1 , wherein the request is for accessing a web-domain from a browser executing on the client device.
  4. 4 . The computer-implemented method of claim 1 , wherein generating the public and private lattice-based keys is performed by using a lattice algorithm.
  5. 5 . The computer-implemented method of claim 1 , wherein generating the public and private lattice-based keys is performed by using a lattice algorithm and a Rivest-Shamir-Adleman (RSA) code-based algorithm.
  6. 6 . The computer-implemented method of claim 1 , wherein the encrypted payload is received from a transport layer security (TLS) end-point.
  7. 7 . A system for encrypting payload data, the system comprising: a memory; and a processor coupled to the memory, wherein the processor is configured to perform operations comprising: receiving a request from a client device; generating a lattice-based private key and a lattice-based public key in response to receiving the request; transmitting the lattice-based public key to the client device using a transport layer security (TLS) communication pathway; receiving an encrypted symmetric private key over the TLS communication pathway, wherein the encrypted symmetric private key is encrypted using the lattice-based public key; wherein the lattice-based public key is transmitted using a first transportation layer security communication and the encrypted symmetric private key is received using a second transportation layer security communication; decrypting the encrypted symmetric private key using the lattice-based private key; receiving double-encrypted and noise-obfuscated payload data transmitted by the client device via the TLS communication pathway, wherein the payload data is double-encrypted using the symmetric private key and the lattice-based public key and noise-obfuscated by adding noise to the payload data; and decrypting the double-encrypted payload data using the symmetric private key and the lattice-based private key and by ignoring the noise.
  8. 8 . The system of claim 7 , wherein the request is transmitted using Hypertext Transfer Protocol Secure (HTTPS).
  9. 9 . The system of claim 7 , wherein the request is for accessing a web-domain from a browser executing on the client device.
  10. 10 . The system of claim 7 , wherein generating the public and private lattice-based keys is performed by using a lattice algorithm.
  11. 11 . The system of claim 7 , wherein generating the public and private lattice-based keys is performed by using a lattice algorithm and a Rivest-Shamir-Adleman (RSA) code-based algorithm.
  12. 12 . The system of claim 7 , wherein the encrypted payload is received from a transport layer security (TLS) end-point.
  13. 13 . A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one computing device, cause the at least one computing device to perform operations comprising: transmitting a request to access a web-domain; receiving, via using a transport layer security (TLS) communication pathway, a lattice-based public key from a server associated with the web-domain; generating a symmetric private key; encrypting the symmetric private key using the lattice-based public key; transmitting the encrypted symmetric key to the server over the TLS communication pathway; wherein the lattice-based public key is received using a first transportation layer security communication and the encrypted symmetric private key is transmitted using a second transportation layer security communication; double-encrypting and noise-obfuscating payload data using the symmetric private key and the lattice-based public key and by adding noise to the payload data; and transmitting the encrypted payload data to the web-domain via the TLS communication pathway.
  14. 14 . The non-transitory computer-readable medium of claim 13 , wherein the request is transmitted using Hypertext Transfer Protocol Secure (HTTPS).
  15. 15 . The non-transitory computer-readable medium of claim 13 , wherein the request is transmitted from a browser executing on a client device.
  16. 16 . The non-transitory computer-readable medium of claim 13 , wherein the server uses a lattice-based private key to decrypt the encrypted symmetric private key.
  17. 17 . The non-transitory computer-readable medium of claim 13 , wherein the encrypted payload is transmitted to a transport layer security (TLS) end-point.
  18. 18 . The non-transitory computer-readable medium of claim 13 , wherein the encrypted symmetric private key is encrypted using a Rivest-Shamir-Adleman (RSA) encryption.

Description

BACKGROUND Entities often implement Rivest-Shamir-Adleman (RSA) based encryption for securing data transmissions. RSA includes a public key and a private key. The public key is used for encrypting data and the private key is used for decrypting the data. In RSA, the public key and private key are generated using prime numbers. With conventional computing, it was difficult to identify the prime numbers to break the encryption. However, with the advent of quantum crypto machines, identifying the prime numbers involved in RSA encryption is becoming faster, easier, and more prevalent. As such, RSA encryption keys are vulnerable to quantum crypto attacks. Therefore, using RSA encryption may create security issues during transmission of sensitive data. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings are incorporated herein and form a part of the specification. FIG. 1 is a block diagram illustrating a system for data transmission using lattice-based encryption, according to some example embodiments. FIG. 2 is a flowchart illustrating a process for data transmission using lattice-based encryption from a server point-of-view, according to some embodiments. FIG. 3 is a flowchart illustrating a process for data transmission using lattice-based encryption from a client point-of-view, according to some embodiments. FIG. 4 is an example computer system useful for implementing various embodiments. In the drawings, like reference numbers generally indicate identical or similar elements. Additionally, generally, the leftmost digit(s) of a reference number identifies the drawing in which the reference number first appears. DETAILED DESCRIPTION Provided herein are system, apparatus, device, method and/or computer program product embodiments, and/or combinations and sub-combinations thereof, for providing data transmission using lattice-based encryption. Entities often implement Rivest-Shamir-Adleman (RSA) based encryption for securing data transmissions. RSA includes a public key and a private key. The public key is used for encrypting data and the private key is used for decrypting the data. In RSA, the public key and private key are generated using prime numbers. With conventional computing, it was difficult to identify the prime numbers to break the encryption. However, with the advent of quantum crypto machines, identifying the prime numbers involved in RSA encryption is becoming faster, easier, and more prevalent. As such, RSA encryption keys are vulnerable to quantum crypto attacks. Therefore, using RSA encryption may create security issues during transmission of sensitive data. As described above, with the uptick in the availability and use of quantum crypto machines, RSA encryption keys have been vulnerable to quantum crypto attacks. This vulnerability creates security risks when transmitting secure data. For example, online-banking applications often use RSA encryption to encrypt sensitive data. This may include usernames, passwords, social security number, account numbers, etc. However, given its vulnerabilities, using RSA encryption to encrypt sensitive data poses a risk for users using online-banking applications, or other applications that rely on secured transmissions. Additionally, online-banking applications may use a transport layer security (TLS) protocol to transmit data between the application (which may be operating on a client device) and a server. The TLS protocol may involve exchanging security certificates between the client and server. It may be difficult and burdensome to change the infrastructure supporting TLS to add additional security. Moreover, changing the encryption process of the data stored in the cloud may be challenging. Embodiments described herein solve these problems by using lattice-based encryption and leveraging existing TLS communications. FIG. 1 is a block diagram illustrating a system for data transmission using lattice-based encryption, according to some example embodiments. In some embodiments, a server 100 may receive a request from a client device 110, such as a request for access to website 102 or a request for a particular transaction to be executed. In some embodiments, the server 100 may generate a lattice-based public key 130 and a lattice-based private key 132 in response to receiving the request. The server 100 may transmit the lattice-based public key 130 to the client device 110. The server 100, may receive a symmetric private key 134 from the client device 110 that has been encrypted using the lattice-based public key 130. The server 100 may then decrypt the encrypted symmetric private key 134 using the lattice-based private key 132 and may receive any additional payload data that may have been transmit with the symmetric key 134. The server 100 and client device 110 may then encrypt payload data of subsequent communications using the symmetric key 134 and/or the lattice-based public key 130. In some embodiments, browser 115 may include an application op