A method (500) includes initializing a client state (250) on a client device (120) be executing a private batched sum retrieval instruction (200) to compute c sums O of data blocks (102) from an untrusted storage device (150). Each computed sum O stored on memory hardware (122) of the client device and including a sum of a corresponding subset S of exactly k data blocks. The method also includes a query instruction (300) to retrieve a query block B.sub.q stored on the untrusted storage device by iterating through each of the c sums O of data blocks to identify one of the c sums O that does not include the query block B.sub.q, instructing a service to pseudorandomly partition the untrusted storage device into partitions and sum the data blocks in each partition to determine a corresponding encrypted data block sum (302).

The present invention concerns a method for secure data classification by a computer platform. A client sends to the platform data to be classified in encrypted form using a first symmetric key. Similarly, a supplier sends to the platform parameters of a classification model in encrypted form using a second symmetric key. The invention uses a homomorphic cryptosystem defined by a public key and a private key. The platform performs a first transcryption step by deciphering the data to be classified in the homomorphic domain and a second transcryption step by deciphering the model parameters in the homomorphic domain. The classification function is then evaluated in the homomorphic domain for providing a classification result encrypted by said public key.

There is provided an information processing system including: a first apparatus (10a) that divides a user key (UK) of a share-source user through a secret distribution process to generate a plurality of distribution keys (S1 and S2); a second apparatus (10b) that sends a processing request to execute a predetermined process by using one of a plurality of the distribution keys generated by the first apparatus; and a third apparatus (20) that makes a determination based on one of a plurality of the distribution keys generated by the first apparatus and the processing request received from the second apparatus.

A facility for performing accurate and real-time privacy-preserving biometrics verification in a client-server environment is described. The facility receives the user's biometrics data such as face, voice, fingerprint, iris, gait, heart rate, etc. The facility then processes and applies various privacy-preserving techniques to this data to complete enrollment and authenticate users, including but not limited to: encrypting data with a key using homomorphic encryption techniques and sending the encryption to the server; the server computes directly on the encryption and returns the result, which is also encrypted under the same key, to the client; the client optionally performs post-processing and decryption (in any order) and obtains the enrollment or authentication result. The facility may repeat this process to increase security level, resulting in more than 1 round trip between the client and the server. Lastly, the facility employs methods that generalize to other privacy-preserving applications beyond biometrics verification.

Certain aspects of the present disclosure provide techniques for adaptively reducing the bit size of features in a training data set used to train a machine learning model. An example method generally includes receiving a data set to be used in training a machine learning model and a definition of the machine learning model to be trained. A reduced number of bits to represent features in the data set is determined based on values of each feature in the data set and the definition of the machine learning model. A reduced bit-size data set is generated by reducing a bit size of each feature in the data set according to the reduced number of bits, and the reduced bit-size data set is encrypted using a homomorphic encryption scheme. A machine learning model is trained based on the encrypted reduced bit-size data set.

A method for data analysis according to an embodiment includes acquiring, from a client device, a ciphertext for a precomputation result generated by applying some of a plurality of operations for performing an analysis algorithm based on target data to the target data, and generating an encrypted computation result for remaining operations of the plurality of operations by using the ciphertext.

A method and apparatus for obtaining a privacy set intersection are provided. The method may include: encrypting a privacy set of an intersection initiator by using a homomorphic encryption algorithm to generate a cipher text, a cipher text function, a public key, and a private key of the intersection initiator; delivering the cipher text, the cipher text function, and the public key of the intersection initiator to an intersection server; receiving a to-be-decrypted function value of a privacy set of the intersection server from the intersection server; and decrypting the to-be-decrypted function value of the privacy set of the intersection initiator by using the private key, to obtain an intersection element of the privacy set of the intersection initiator and the privacy set of the intersection server.

Disclosed is a ciphertext computation method. The ciphertext computation method includes: receiving a modular computation command for a plurality of ciphertexts; performing a modular computation for the plurality of ciphertexts by using a lookup table storing a plurality of predetermined prime number information; and outputting a result of the computation.

Provided are methods and systems for query processing with adaptive risk decisioning. An example method includes receiving a query by a client in communication with plurality of servers. The method further includes analyzing, by the client, the query to select at least one server being configured to provide data of a data source, the data being associated with a portion of the query. The method includes acquiring, by the client, a security profile of the data source. The method includes generating, by the client and based on the query, at least one subquery for the server. The method includes sending, by the client, the subquery to the server. The server processes, based on the security profile, the subquery over the data, to obtain a result of the subquery. The method includes generating, by the client and based on the result of the subquery, a result for the query.

Advertisement targeting with a secure identity is described. A request pertaining to supplemental content targeted to an attribute of a user is posted from a requesting system to a blockchain. It is then determined that a user profile includes an attribute that matches with the attribute of the request via the blockchain. The supplemental content is then caused to be displayed in response to the determination that the user profile includes the attribute that matches with the attribute of the request and via a user interface of a device associated with a user associated with the user profile.