H04L9/008

Preserving aggregation using homomorphic encryption and trusted execution environment, secure against malicious aggregator

A method includes providing a public encryption key and a seed to a party and receiving a first encrypted data set encrypted using the public encryption key and marked by the party with a first mark based on the seed. The method also includes aggregating the first encrypted data set into an aggregated data set at an aggregator and receiving an indication that a first operation associated with the party has been performed on the aggregated data set. In response to the receiving, the method includes updating the first encrypted data set of the aggregated data set by updating the first mark to a second mark according to the first operation, generating a verification encrypted data set according to at least the second mark and at least the corresponding first operation, and verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set.

MULTIPLE EVALUATION THRESHOLD FUNCTION SECRET SHARING
20230095443 · 2023-03-30

A function secret sharing (FSS) scheme that facilitates multiple evaluations of a secret function. The FSS scheme includes a function share based on a secret function and at least one key of a key-homomorphic pseudo random function (PRF). At least one key and a function share are provided to each party in the FSS scheme. In turn, each party may generate an output share comprising a function share output evaluated at a function input and a masking component generated based on the at least one key in relation to the key-homomorphic PRF. In turn, the output shares of each participating party may be combined to evaluate the secret function. The FSS scheme facilitates multiple evaluations of the secret function without leaking information regarding the secret function.

METHOD AND SYSTEM FOR PROCESSING PERSONAL DATA
20230033479 · 2023-02-02

A method for processing personal data, comprising the steps of: (a) For each reference personal data of a reference personal database, calculating in the encrypted domain a similarity rate of the reference personal data with a candidate personal data; said reference personal database being associated with a first partition into a plurality of first sets of reference personal data, and with a second partition into a plurality of second sets of reference personal data, such that each reference personal data of a reference personal database belongs to a single first set and a single second set; (b) For each first set and each second set, calculating an overall similarity rate of said set based on the similarity rates of the reference personal data of said set; (c) Comparing each overall similarity rate of a first and second set with a first and second predetermined threshold, respectively.

STORAGE DEVICE, STORAGE SYSTEM OPERATING METHOD, AND COMPUTING SYSTEM
20230035988 · 2023-02-02

A storage device includes a non-volatile memory, and a memory controller, wherein the memory controller encrypts plaintext to generate a homomorphic ciphertext with a first level among homomorphic ciphertexts with different levels, stores the homomorphic ciphertext with the first level in the non-volatile memory, and provides the homomorphic ciphertext with the first level in response to a request received from a host. The homomorphic ciphertext with the first level has a smallest length among the homomorphic ciphertexts with different levels.

Non-transitory computer-readable medium storing program code, decryption device, and communication system including encryption device and decryption device
11496295 · 2022-11-08

Provided is a non-transitory computer readable medium storing program code that, when executed by a processor, causes the processor to calculate a message, based on a first cipher text, a second cipher text, and a private key, to compare a coefficient of the message with a reference value based on a prime number, to decide a coefficient of a modified message, based on a comparison result between the coefficient of the message and the reference value, and to decrypt the modified message.

Enhanced encryption for face-related data

A method includes obtaining a plurality of representative vectors associated with face-related data. The method includes determining an encryption key based on a parameter stored in a record, generating an encrypted vector set by, for each respective vector of the plurality of representative vectors, encrypting the respective vector with a homomorphic encryption operation based on the encryption key, where the encrypted vector set includes a first encrypted vector that is linked to a subset of the face-related data associated with the first plurality of face vectors. The method further includes obtaining an encrypted face search vector using the encryption key to perform homomorphic encryption. The method further includes selecting a first encrypted vector based on the encrypted face search vector and retrieving the subset of the face-related data based on the first encrypted vector.

Hash updating methods and apparatuses of blockchain integrated station

A cryptographic acceleration card included in a blockchain integrated station sends negotiation information to a provider of a new disk image, where the negotiation information is used by the provider to determine a deployment key, and where the new disk image is used to update an old disk image included in the blockchain integrated station. The cryptographic acceleration card receives a new hash value encrypted by the provider using the deployment key, where the new hash value corresponds to the new disk image. The cryptographic acceleration card replaces an old hash value corresponding to the old disk image with the new hash value, where the new hash value is compared with a current hash value of a disk image included in the blockchain integrated station to determine whether the disk image matches the new disk image.

LIGHTWEIGHT NETWORK AUTHENTICATION FOR RESOURCE CONSTRAINED DEVICES VIA MERGEABLE STATEFUL SIGNATURES

Signature-based authentication is a core cryptographic primitive essential for most secure networking protocols. A new signature scheme, MSS, allows a client to efficiently authenticate herself to a server. The new scheme is modeled in an offline/online model where client online time is at a premium. The offline component derives basis signatures that are then composed based on the data being signed to provide signatures efficiently and securely during run-time. MSS requires the server to maintain state and is suitable for applications where a device has long-term associations with the server. MSS allows direct comparison to hash chain-based authentication schemes used in similar settings, and is relevant to resource-constrained devices, e.g., IoT. MSS instantiations are derived for two cryptographic families, assuming the hardness of RSA and decisional Diffie-Hellman (DDH) respectively. The new scheme is then used to design an efficient time-based one-time password (TOTP) protocol.

BLOCKCHAIN MANAGED ACCESS SYSTEM
20230035317 · 2023-02-02

The present disclosure relates generally to data access control solutions. In particular, techniques are provided to implement a secure and distributed file storage scheme and, more specifically, a managed access system using a blockchain. In some aspects, a process of the disclosed technology includes operations for associating a first key share with a first copy of a file, wherein the first copy of the file is stored by a first party, associating a second key share with a second copy of the file, and recording versioning information corresponding with the file on a distributed ledger accessible by the first party and the second party. In some aspects, the process can further include operations for managing access to the file using the first key share and the second key share. Systems and machine-readable media are also provided.

Performing secure queries from a higher security domain of information in a lower security domain

A method generates, in a higher security domain (SD), public and secret keys using a first homomorphic encryption scheme (HES), passes the public key to a first shared security zone (SSZ) between the higher SD and a lower SD and through the first SSZ to a second entity in the lower SD, passes a plain text query from the higher SD to the first SSZ, encrypts the plain text query using a second HES, passes the encrypted plain text query to the second entity, performs an oblivious query to generate an encrypted result, and passes that from the lower SD to a second SSZ located between the higher and lower SDs, passes the secret key from the higher SD to the second SSZ, and decrypts the encrypted result using the secret key to generate a plain text result, and passes the plain text result to the higher SD.