What This Patent Covers

Granted February 6, 2024 on an application filed September 14, 2023 — a continuation of an application dating to May 22, 2023 — US 11,895,222 B1 is the first issued patent in ATOFIA's portfolio and the broadest. Its stated subject is deliberately plain — it “generally relates to computing technology, and more particularly to systems and methods for data encryption, decryption, and authentication” — but the way it achieves those three things is what makes it foundational. The filing names inventors Thurman Richard White, Martin Thomas Poe III, and Martin Thomas Poe IV, assigned to ATOFIA, LLC, and spans thirteen claims across sixteen drawing sheets covering the full lifecycle from trusted setup to proof-of-work verification.

The granted abstract states the method precisely:

"A computer-implemented method for generating a ciphertext may include (1) generating a header for the ciphertext, including data configuring one or more permissions for decrypting the ciphertext; (2) generating instructions for the ciphertext; (3) generating a ciphertext body, which may include receiving data to be encrypted, retrieving at least one encryption value set (which may include a mixing scheme, a bit value, a first matrix size, a second matrix size, an encryption decider, and a decryption decider) … and generating at least one decryption value set based on the at least one encryption value set; and (4) compiling the header, the instructions, and the ciphertext body into the ciphertext." — US 11,895,222 B1, Abstract

The Problem: Trust You Cannot Verify

Almost every cryptographic system in production rests on a hierarchy. At the top sits a trust anchor — a root certificate authority — whose authority is taken on faith. The patent states the issue directly:

"Conventional cryptographic systems with a hierarchic structure include a trust anchor that is an authoritative entity for which trust is assumed and not derived." — US 11,895,222 B1

The consequence follows immediately. As the patent puts it, “the end-user using such structures must implicitly trust in the correct operation of the implementing software, and the software manufacturer must delegate trust for certain cryptographic operations to the certificate authorities.” Trust is assumed, not earned — and every assumption is an attack surface. A compromised CA, a mis-issued certificate, or a tampered software path quietly invalidates everything downstream.

The Approach: Derive Trust, Don't Assume It

US 11,895,222 takes the opposite stance. It explicitly does away with the conventional toolkit — the scheme uses no “certificate authorities, certificate chains of trust, digital signatures, hashes, or asymmetric encryption.” In their place it introduces a trust anchor that is constructed rather than declared:

"[The] systems and methods disclosed herein may include a new scheme for creating trust anchors based on context awareness, decision procedures or gateway proofs." — US 11,895,222 B1

Four Building Blocks

The disclosure assembles its scheme from a small set of primitives. Each one becomes the seed of a later, narrower patent in the portfolio:

  • The Unique Single User Profile (USUP). Rather than a stored secret, identity is built by “generating a unique single user profile (USUP) based on data derived from the computing device.” The device-and-user pair is the credential.
  • Encryption value sets. Instead of a single key, each message is governed by a bundle of parameters. Per the filing, an encryption value set includes “a mixing scheme, a bit value, a first matrix size, a second matrix size, an encryption decider, and the decryption decider” — and claim 4 specifies six such sets per ciphertext.
  • Transformation engines. The actual scrambling is performed by interchangeable engines — “each Transformation Engine may execute a different entropy function on the input matrix.” This is the hook into ATOFIA's thermodynamic entropy work.
  • Gateway proofs (proof-of-work). Verification is non-interactive: the “proof-of-work protocol include[s] one or more procedures, called gateway proofs, that the sender … and the receiver … each complete.” No back-and-forth handshake means nothing for a man-in-the-middle to sit inside of.

How a Message Flows

Independent claim 1 sets out the encryption method as four moves — build a header, build the instructions, build the ciphertext body, then compile all three:

"A computer-implemented method for generating a ciphertext, comprising: generating a header for the ciphertext … generating instructions for the ciphertext, wherein the instructions include at least one decryption value set … generating a ciphertext body, wherein generating the ciphertext body includes receiving data to be encrypted, retrieving the at least one encryption value set … generating at least one character matrix based on the data to be encrypted, executing at least one transformation operation on the at least one character matrix to generate the ciphertext body … and generating the at least one decryption value set based on the at least one encryption value set; and compiling the header, the instructions, and the ciphertext body into the ciphertext." — US 11,895,222 B1, Claim 1

The same lifecycle reads cleanly across the figures. A trusted setup (FIG. 2) and an identity / trust-providing step (FIG. 3) establish the parties. The sender constructs an encryption value set (FIG. 6A–6B) and runs the encryption method (FIG. 7, FIG. 9) to produce a structured ciphertext — header, instructions, and body (FIG. 4–5). The receiver derives the matching decryption value set (FIG. 10A–10B) and reverses it (the separate decryption method of independent claim 10; FIG. 8, FIG. 11). Throughout, a proof-of-work operation (FIG. 12) satisfies the gateway proofs that stand in for a certificate authority.

The key observation, visible directly in the claim: the encryption value set the sender uses never travels. What the sender transmits in the instructions is the decryption value set — and only a party that satisfies the gateway proof can act on it. No secret key is exchanged.

What Makes It Unique

The novelty is not a faster cipher — it is the removal of the trust hierarchy entirely. Three properties stand out:

  • No authority to compromise. With no CAs, chains of trust, or signatures, there is no root to subvert and no certificate to forge. Trust is derived from context each time, not inherited from a vendor.
  • No key to intercept. Because encryption is governed by per-message value sets and verification is a non-interactive proof-of-work, there is no key-exchange step — the classic interception point — to attack.
  • Identity bound to hardware. The USUP ties a credential to a specific device-and-user pair, so a stolen secret is meaningless off the device it was derived from.

How the Portfolio Grows From Here

US 11,895,222 is the trunk; the later patents are branches that claim its pieces in depth. The encryption and decryption value sets become US 12,289,394 and US 12,463,796, and their transmission becomes US 12,615,138. The transformation engines and entropy functions become US 12,418,400, with the matrix-dimension generation in US 12,531,722. The trusted setup is claimed in US 12,034,832, the device-and-user identity in US 12,212,653, and the gateway-proof-plus-integrity-check in US 12,556,367. Reading this patent first makes the rest of the portfolio legible — which is exactly why it anchors this section.

It also connects to the physics — and not by analogy alone. The transformation operation the claims rely on is named explicitly:

"… executing the at least one transformation operation … includes at least one of a Transformation Engine P+1 operation; or a Transformation Engine P−1 operation." — US 11,895,222 B1, Claim 6

Those are the same continuous-mixing protocols described in ATOFIA's research on P+1 entropy mixing. The transformation engines that scramble each character matrix are where this patent meets the thermodynamic work behind the hardware trust anchor — the claim language and the physics are describing the same machine.

Field         Detail
Patent #      US 11,895,222 B1
Title         Systems and methods for data encryption, decryption, and authentication
Inventors     Thurman Richard White; Martin Thomas Poe, III; Martin Thomas Poe, IV
Assignee      ATOFIA, LLC (Nashville, TN)
Application   18/466,822, filed Sep 14, 2023 (continuation of 18/200,211, filed May 22, 2023)
Granted       February 6, 2024
Scope         13 claims, 16 drawing sheets · CPC H04L 9/0631, H04L 9/0869
Product       Cipher+™
Dr. Thurman Richard White

Chief cryptographer and co-founder of ATOFIA, and a named inventor on US 11,895,222. Research in quantum statistical mechanics, thermodynamic entropy, and physical cryptography. Author of the ATOFIA whitepaper on P+1/P−1 mixing protocols.