Prosecution Insights
Last updated: July 17, 2026
Application No. 18/198,667

CALCULATING METHOD USING ZERO-KNOWLEDGE PROOF-FRIENDLY ONE-WAY FUNCTION, AND APPARATUS FOR IMPLEMENTING THE SAME

Non-Final OA §103
Filed
May 17, 2023
Priority
May 18, 2022 — RE 10-2022-0060914
Examiner
MAAZOUZ, GHIZLANE
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Korea Advanced Institute of Science and Technology
OA Round
3 (Non-Final)
57%
Grant Probability
Moderate
3-4
OA Rounds
1m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 57% of resolved cases
57%
Career Allowance Rate
24 granted / 42 resolved
-0.9% vs TC avg
Strong +49% interview lift
Without
With
+49.3%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
10 currently pending
Career history
60
Total Applications
across all art units

Statute-Specific Performance

§103
92.9%
+52.9% vs TC avg
§102
6.5%
-33.5% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 42 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on April 30, 2026 has been entered. Response to Amendment The amendments filed on April 30, 2026 have been entered. Claims 1 and 12 have been amended. Claim 9 has been canceled. Response to Arguments Applicant's arguments filed on April 30, 2026, have been fully considered but they are moot in view of the new grounds of rejection. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 3, 7-8, 10, 12, 14, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kuang et al. (Pub. No. US 2022/0224509), hereinafter Kuang, in view of Farooq et al. (Pub. No. US 2022/0166600), hereinafter Farooq. Claim 1. Kuang discloses a calculating method using a zero-knowledge proof- friendly one-way function, performed by a computing device, the calculating method comprising: acquiring a first intermediate bit stream by inputting an input bit stream of a function to an augmented matrix (See Parag. [0062] and Fig. 11; the entropy expander 37 takes the conventional AES keys 75 (e.g., AES round keys) as its N-bit input data words (input bit stream) … producing N-bit output data words based on selecting the k.sup.th permutation element in a set of M permutation elements (e.g., switch fabrics or permutation matrices). The N-bit output data words (first intermediate bit stream) are thus the modified AES keys 73 (e.g., modified AES round keys) provided to the AES encryption block 72. See Parag. [0083]; The g function consists of three stages: an S-Box transformation, a permutation, and an exclusive-or); acquiring a second intermediate bit stream by dividing the first intermediate bit stream into a predetermined number of bit streams and inputting each of the predetermined number of divided bit streams to a substitution-box (S-box) (See Parag. [0076]; the four sub-operations of AES are AddRoundKey, SubBytes, ShiftRows, and MixColumns … See Parag. [0078] and Fig. 11; The SubBytes phase of AES involves splitting the input (i.e., The N-bit output data words (first intermediate bit stream)) provided to the AES encryption block 72) into bytes (second intermediate bit stream) and passing each through a Substitution Box or S-Box); and outputting an output bit stream of the one-way function by inputting the second intermediate bit stream to a reduced matrix (See Parag. [0076]; the four sub-operations of AES are AddRoundKey, SubBytes, ShiftRows, and MixColumns … See Parag. [0079]; In the ShiftRows phase of AES, each row of the 128-bit internal state of the cipher is shifted. The rows in this stage refer to the standard representation of the internal state in AES, which is a 4×4 matrix where each cell contains a byte. Bytes of the internal state are placed in the matrix across rows from left to right and down columns. See Parag. [0061]; the AES encryption block 72 is used to encrypt plaintext 77 (such as data that the sender device 12 wishes to transmit) into ciphertext 78 (output bit stream) using a set of AES keys (e.g., AES round keys). See also Parag. [0081]), Kuang doesn’t explicitly disclose the S-box having algebraic degree greater than a preset threshold and being used in a single round, not repeatedly in multiple rounds ; and the function as one-way function; wherein the one-way function being configured as the single round. However, Farooq discloses the S-box having algebraic degree greater than a preset threshold and being used in a single round, not repeatedly in multiple rounds; and the function as one-way function; wherein the one-way function being configured as the single round (See Parag. [0139]; FIG. 29 shows the detailed structure of an S-Box 2902 for AES, that may be used as an embodiment of Confusion Box 2806 of FIG. 28. AES S-Box 2902 accepts 8-bit bytes X=(x.sub.7, . . . , x.sub.1, x.sub.0) of clear text and outputs 8-bit bytes Y=(y.sub.7, . . . , y.sub.1, y.sub.0) of cipher text. It is considered to be an 16×16 S-box because it may be implemented as a substitution table which uses the upper 4 bits (16 possible values) and the lower 4 bits (16 possible values) to index into a 16×16 substitution table (256 possible values) to obtain the one-to-one mapping of the input byte to the output byte (256 possible values). To create the substitution table or to perform the transformation in real-time, the AES S-box 2902 has two main stages that transform the data. First, Nonlinear transformation 2904 creates the multiplicative inverse, Z, of the input byte X. Since there is a need to have the output have the same number of bits as the input, Z is the multiplicative inverse in the Galois Field GF(2.sup.8) as would be known to one skilled in the art of finite field mathematics. This is accomplished by applying the Divider Polynomial 2906 in Power Function 2908. For AES, Divider Polynomial 2906 is the irreducible polynomial x.sup.8+x.sup.4+x.sup.3+x+1. See Parag. [0084]; if an instance of randomness enhancer 604 utilizes only the S-box 706 of an encryption method then the randomness gain in the generated output data stream S.sub.ox is representative of the strength of S-box 706. If instead an instance of randomness enhancer 604 utilizes a mangling function with a round logic around it, such as 1 Round 708 or n Rounds 710, then the randomness gain in the generated output data stream S.sub.ox is representative of the cryptographic strength of 1 Round 708 (or n Rounds 710) of an encryption method). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Kuang, to include the S-box having algebraic degree greater than a preset threshold and being used in a single round, not repeatedly in multiple rounds and wherein the one-way function being configured as the single round, as taught by Farooq. This would be convenient to for generating strong cryptography devices, systems and methods using customizable and evolving cryptography (Farooq, Parag. [0002]). Claim 3. Kuang in view of Farooq discloses the calculating method of claim 1, Kuang further discloses wherein the S-box includes K number of sub S-boxes (K being a natural number greater than or equal to 1), and the calculating the second intermediate bit stream includes: dividing the first intermediate bit stream into K number of bit streams; and inputting each of the K number of divided bit streams to each of the K number of sub S-boxes (See Parag. [0104]; if a block is sixteen consecutive 8-bit input words, k may remain constant for sixteen consecutive 8-bit input words. The next set of 8-bit input words uses another S-box selected with the next value of k, and so on). Claim 7. Kuang in view of Farooq discloses the calculating method of claim 1, Kuang discloses the method further comprising generating the reduced matrix, wherein the generating the reduced matrix includes: configuring a first row and/or a first column of the reduced matrix based on a random value; and forming remaining rows or remaining columns of the reduced matrix through a circular shift for the first row and/or the first column (See Parag. [0079; In the ShiftRows phase of AES, each row of the 128-bit internal state of the cipher is shifted. The rows in this stage refer to the standard representation of the internal state in AES, which is a 4×4 matrix where each cell contains a byte. Bytes of the internal state are placed in the matrix across rows from left to right and down columns… See also Parag. [0081]). Claim 8. Kuang in view of Farooq discloses the calculating method of claim 1, Kuang discloses the method further comprising configuring entire rows and/or entire columns of the augmented matrix and entire rows and/or entire columns of the reduced matrix based on random values (See Parag. [0107]; an entropy expander 37 used to enhance entropy of a system PRNG 80 that supplies a stream of N-bit pseudo-random numbers y0, y1, . . . , resulting in a stream of N-bit pseudo-random numbers z0, z1, . . . . Details of the system show a randomizer 39 that produces a randomized value k between 0 and M−1, where M>1. The randomizer 39 may include a PRNG 41 and may include a mapper 42, as has already been described. A switching core 51 may be configured to convert an N-bit input data word y0, y1, . . . , into a 2.sup.N-element sparse input bit array and to process the 2.sup.N-element sparse input bit array with the k.sup.th of M permutation elements to produce an 2.sup.N-element sparse output bit array … See also Parag. [0108]). Claim 10. Kuang in view of Farooq discloses the calculating method of claim 1, Kuang discloses the method further comprising performing a zero-knowledge proof-based digital signature by using the input bit stream and the output bit stream of the one-way function (See Parag. [0057]; entropy expander can be the one implemented by the sender device 12 or the recipient device 13. At step 1010, an N-bit input data word is received. At step 1020, a value of k is generated, e.g., based on the secret S ... See Parag. [0033]; the sender device 12 and the recipient device 13 are each configured to store a secret S in their respective memories 15, 21. The secret S may be a data element 27 encoded using a plurality of bits 28 or other digital symbols (e.g., hexadecimal characters). The same secret S is known to both the sender device 12 and the recipient device 13). Claim 12. Kuang discloses a computing device comprising: one or more processors; and a storage configured to store a computer program executable by the one or more processors (See Fig. 1), wherein the computer program comprises: first calculation code configured to cause the one or more processors to acquire a first intermediate bit stream by inputting an input bit stream of a one-way function to an augmented matrix (See Parag. [0062] and Fig. 11; the entropy expander 37 takes the conventional AES keys 75 (e.g., AES round keys) as its N-bit input data words (input bit stream) … producing N-bit output data words based on selecting the k.sup.th permutation element in a set of M permutation elements (e.g., switch fabrics or permutation matrices). The N-bit output data words (first intermediate bit stream) are thus the modified AES keys 73 (e.g., modified AES round keys) provided to the AES encryption block 72. See Parag. [0083]; The g function consists of three stages: an S-Box transformation, a permutation, and an exclusive-or); second calculation code configured to cause the one or more processors to acquire a second intermediate bit stream by dividing the first intermediate bit stream into a predetermined number of bit streams and inputting each of the predetermined number of divided bit streams to S-box (See Parag. [0076]; the four sub-operations of AES are AddRoundKey, SubBytes, ShiftRows, and MixColumns … See Parag. [0078] and Fig. 11; The SubBytes phase of AES involves splitting the input (i.e., The N-bit output data words (first intermediate bit stream)) provided to the AES encryption block 72) into bytes (second intermediate bit stream) and passing each through a Substitution Box or S-Box); and output code configured to cause the one or more processors to output an output bit stream of the one-way function by inputting the second intermediate bit stream to a reduced matrix (See Parag. [0076]; the four sub-operations of AES are AddRoundKey, SubBytes, ShiftRows, and MixColumns … See Parag. [0079]; In the ShiftRows phase of AES, each row of the 128-bit internal state of the cipher is shifted. The rows in this stage refer to the standard representation of the internal state in AES, which is a 4×4 matrix where each cell contains a byte. Bytes of the internal state are placed in the matrix across rows from left to right and down columns. See Parag. [0061]; the AES encryption block 72 is used to encrypt plaintext 77 (such as data that the sender device 12 wishes to transmit) into ciphertext 78 (output bit stream) using a set of AES keys (e.g., AES round keys). See also Parag. [0081]). Kuang doesn’t explicitly disclose the S-box having algebraic degree greater than a preset threshold and being used in a single round, not repeatedly in multiple rounds ; and the function as one-way function; wherein the one-way function being configured as the single round. However, Farooq discloses the S-box having algebraic degree greater than a preset threshold and being used in a single round, not repeatedly in multiple rounds; and the function as one-way function; wherein the one-way function being configured as the single round (See Parag. [0139]; FIG. 29 shows the detailed structure of an S-Box 2902 for AES, that may be used as an embodiment of Confusion Box 2806 of FIG. 28. AES S-Box 2902 accepts 8-bit bytes X=(x.sub.7, . . . , x.sub.1, x.sub.0) of clear text and outputs 8-bit bytes Y=(y.sub.7, . . . , y.sub.1, y.sub.0) of cipher text. It is considered to be an 16×16 S-box because it may be implemented as a substitution table which uses the upper 4 bits (16 possible values) and the lower 4 bits (16 possible values) to index into a 16×16 substitution table (256 possible values) to obtain the one-to-one mapping of the input byte to the output byte (256 possible values). To create the substitution table or to perform the transformation in real-time, the AES S-box 2902 has two main stages that transform the data. First, Nonlinear transformation 2904 creates the multiplicative inverse, Z, of the input byte X. Since there is a need to have the output have the same number of bits as the input, Z is the multiplicative inverse in the Galois Field GF(2.sup.8) as would be known to one skilled in the art of finite field mathematics. This is accomplished by applying the Divider Polynomial 2906 in Power Function 2908. For AES, Divider Polynomial 2906 is the irreducible polynomial x.sup.8+x.sup.4+x.sup.3+x+1. See Parag. [0084]; if an instance of randomness enhancer 604 utilizes only the S-box 706 of an encryption method then the randomness gain in the generated output data stream S.sub.ox is representative of the strength of S-box 706. If instead an instance of randomness enhancer 604 utilizes a mangling function with a round logic around it, such as 1 Round 708 or n Rounds 710, then the randomness gain in the generated output data stream S.sub.ox is representative of the cryptographic strength of 1 Round 708 (or n Rounds 710) of an encryption method). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Kuang, to include the S-box having algebraic degree greater than a preset threshold and being used in a single round, not repeatedly in multiple rounds and wherein the one-way function being configured as the single round, as taught by Farooq. This would be convenient to for generating strong cryptography devices, systems and methods using customizable and evolving cryptography (Farooq, Parag. [0002]). Claim 14. The applicant is directed to the rejections to claim 3 set forth above, as it is rejected based on the same rationale. Claim 18. The applicant is directed to the rejections to claim 7 set forth above, as it is rejected based on the same rationale. Claim 19. The applicant is directed to the rejections to claim 8 set forth above, as it is rejected based on the same rationale. Claim 20. The applicant is directed to the rejections to claim 11 set forth above, as it is rejected based on the same rationale. Claims 4 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kuang et al. (Pub. No. US 2022/0224509), hereinafter Kuang, in view of Farooq et al. (Pub. No. US 2022/0166600), hereinafter Farooq; in further view of Satpathy et al. (Pub. No. US 2019/0199517), hereinafter Satpathy. Claim 4. Kuang in view of Farooq discloses the calculating method of claim 3, Kuang in view of Farooq discloses doesn’t explicitly disclose wherein each of the K number of sub S- boxes has a nonlinear function for performing a polynomial operation on a finite field. However, Satpathy discloses wherein each of the K number of sub S- boxes has a nonlinear function for performing a polynomial operation on a finite field (See Parag. [0026]; Sbox SB uses the reduction polynomial to reduce all intermediate results to 8-bit values. See Parag. [0029]; In the embodiment of FIG. 1, FSM 46 includes registers R1, R2, and R3, each of which holds 32 bits, as well as Sboxes SA and SB). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Kuang in view of Farooq, to include each of the K number of sub S- boxes has a nonlinear function for performing a polynomial operation on a finite field, as taught by Satpathy. This would be convenient to reduce each of those exponents using the reduction polynomial (Satpathy, Parag. [0026]). Claim 15. The applicant is directed to the rejections to claim 4 set forth above, as it is rejected based on the same rationale. Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kuang et al. (Pub. No. US 2022/0224509), hereinafter Kuang, in view of Farooq et al. (Pub. No. US 2022/0166600), hereinafter Farooq; in further view of Jetchev et al. (Pub. No. US 2020/0336302), hereinafter Jetchev. Claim 6. Kuang in view of Farooq discloses the calculating method of claim 1, Kuang in view of Farooq doesn’t explicitly disclose the method further comprising generating the augmented matrix, wherein the generating the augmented matrix includes: configuring a first row and/or a first column of the augmented matrix based on a random value; and configuring remaining rows or remaining columns of the augmented matrix through a circular shift for the first row and/or the first column. However, Jetchev discloses generating the augmented matrix, wherein the generating the augmented matrix includes: configuring a first row and/or a first column of the augmented matrix based on a random value; and configuring remaining rows or remaining columns of the augmented matrix through a circular shift for the first row and/or the first column (See Parag. [0030]; We create a matrix X consisting of columns x.sub.1, x.sub.2, . . . , x.sub.n with each column being a vector representing a time shifted version of the time series x. We next create the augmented matrix X′ by prepending the columns of X with columns y.sub.1, y.sub.2, . . . , y.sub.m where each of the prepended columns is a vector representing a time shifted version of the time series y). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Kuang in view of Farooq, to include configuring a first row and/or a first column of the augmented matrix based on a random value and configuring remaining rows or remaining columns of the augmented matrix through a circular shift for the first row and/or the first column, as taught by Jetchev. This would be convenient to determine a statistic for one of the plurality of time-shifted sequences of data from the independent time series as a predictor of the dependent time series of data (Jetchev, Parag. [0003]). Claim 17. The applicant is directed to the rejections to claim 6 set forth above, as it is rejected based on the same rationale. Allowable Subject Matter Claim 11 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is the reason for objecting to claim 11: Kuang in view of Farooq fails to fairly teach or suggest “wherein the performing the zero- knowledge proof-based digital signature includes: setting the input bit stream and the output bit stream as a secret key and a public key of a digital signature, respectively; and generating signature data for the digital signature by inputting the secret key and the public key to a proof function for a zero-knowledge proof.” In addition, no other prior art of records teaches or suggests the instant claim as a whole. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892). The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to ensuring trust validation and integrity of workflow execution. Van Leeuwen (Pub. No. US 2024/0097880); “High-Speed Circuit Combining AES and SM4 Encryption and Decryption;” Teaches a cipher accelerator circuit comprising: a first affine transformation circuit generating a first data block from an input data block, a SM4 S-box circuit configured to perform a first byte S-box operation according to a SM4 cipher and using a SM4 S-box table, the SM4 S-box operation being applied to the first transformed data block to obtain a substituted data block; and a second affine transformation circuit generating a second data block from the substituted data block, wherein the first and second affine transformation circuits are configured to perform multiplication of the substituted data block by a respective matrix and addition of a respective translation vector, and wherein the first and second affine transformations circuits are configured such that the second transformed data block is equal to the input data block processed by a second S-box operation according to another symmetric cipher using S-box tables. (See Abstract). Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHIZLANE MAAZOUZ whose telephone number is (571)272-8118. The examiner can normally be reached Telework M-F 7:30-5 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip J Chea can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GHIZLANE MAAZOUZ/Examiner, Art Unit 2499 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

May 17, 2023
Application Filed
Aug 05, 2025
Non-Final Rejection mailed — §103
Oct 31, 2025
Response Filed
Mar 02, 2026
Final Rejection mailed — §103
Apr 30, 2026
Request for Continued Examination
May 06, 2026
Response after Non-Final Action
May 28, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12625999
LEVERAGING ACCESS CONTROLS TO SECURE BACKUP DATA STORED ON A CLOUD-BASED OBJECT STORAGE
5y 2m to grant Granted May 12, 2026
Patent 12621149
SECURE COMPONENT VERIFICATION IN INFORMATION PROCESSING SYSTEM ENVIRONMENT
2y 12m to grant Granted May 05, 2026
Patent 12574407
GENERATING A CONTENT SIGNATURE OF A TEXTUAL COMMUNICATION USING OPTICAL CHARACTER RECOGNITION AND TEXT PROCESSING
3y 3m to grant Granted Mar 10, 2026
Patent 12537680
SECURE CACHING OF NAMESPACE KEYS
3y 2m to grant Granted Jan 27, 2026
Patent 12499212
APPARATUS AND METHOD FOR KERNEL RUNTIME RANDOMIZATION
4y 0m to grant Granted Dec 16, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
57%
Grant Probability
99%
With Interview (+49.3%)
3y 3m (~1m remaining)
Median Time to Grant
High
PTA Risk
Based on 42 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month