Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.

Embodiments are directed to generating and training a distributed machine learning model using data received from a plurality of third parties using a distributed ledger system, such as a blockchain. As each third party submits data suitable for model training, the data submissions are recorded onto the distributed ledger. By traversing the ledger, the learning platform identifies what data has been submitted and by which parties, and trains a model using the submitted data. Each party is also able to remove their data from the learning platform, which is also reflected in the distributed ledger. The distributed ledger thus maintains a record of which parties submitted data, and which parties removed their data from the learning platform, allowing for different third parties to contribute data for model training, while retaining control over their submitted data by being able to remove their data from the learning platform.

Some embodiments are directed to a computation device configured for batch-wise multiparty verification of a computation which has been performed multiple times. The computations being multiparty computations that are cryptographically shared between the computation device and multiple other computation devices. The computation device is configured to perform the computation a further time to obtain a randomizing computation on a randomizing set of values.

Biometric data such as iris, facial, or fingerprint data may be obtained from a user. A public code may be generated from the biometric data, but does not obtain any of the biometric data or information that can be used to identify the user. The public code includes information that can be used to extract from the biometric data a biometric code that is suitable for bitwise comparison. Neither the underlying biometric data nor information from which the biometric data may be determined is stored as only the public code and the actual biometric feature of the user is required to generate the biometric code.

There is provided a device for protecting the execution of a cryptographic operation from attacks, the cryptographic operation being implemented by a cryptographic algorithm, the cryptographic operation comprising at least one modular operation between a main base (m) representing a data block and at least one scalar (d) in at least one finite starting group. The device is configured to determine at least one intermediary group (E′) different from the at least one starting group (E), the number of intermediary groups being equal to the number of starting groups E. The device is further configured to determine at least one final group (E″) from the at least one starting group E and the at least one intermediary group E′. The base m being mapped to an auxiliary element (x) in the at least one intermediary group and to an auxiliary base (m″) in the at least one final group E″. The device performs a first elementary operation in each final group (E″i), the first elementary operation consisting in executing the modular operation between the auxiliary base (m″) and an auxiliary scalar (d.sub.a) in each final group E″, which provides at least one result, the auxiliary scalar (d.sub.a) being determined from the auxiliary element (x) and from the main scalar (d). The device further performs a second elementary operation in each starting group E, the second elementary operation consisting in executing the modular operation between an additional auxiliary base and an additional auxiliary scalar d′.sub.b in each starting group, at least one of the additional auxiliary base and of the additional scalar being derived from the result of the first elementary operation.

A cryptographic circuit performs a substitution operation of a cryptographic algorithm. For each substitution operation of the cryptographic algorithm, a series of substitution operations are performed by the cryptographic circuit. One of the substitution operations of the series is a real substitution operation corresponding to the substitution operation of the cryptographic algorithm. One or more other substitution operations of the series are dummy substitution operations. A position of the real substitution operation in said series is selected randomly.

A non-interactive protocol is provided for evaluating machine learning models such as decision trees. A client can delegate the evaluation of a machine learning model such as a decision tree to a server by sending an encrypted input and receiving only the encryption of the result. The inputs can be encoded as vector of integers using their binary representation. The server can then evaluate the machine learning model using a homomorphic arithmetic circuit. The homomorphic arithmetic circuit provides an implementation that requires fewer multiplication than a Boolean comparison circuit. Efficient data representations are then combined with different algorithmic optimizations to keep the computational overhead and the communication cost low. Related apparatus, systems, techniques and articles are also described.

A value corresponding to an input for a cryptographic operation may be received. The value may be masked by multiplying the value with a first number modulo a prime number. The cryptographic operation may subsequently be performed on the masked value.

Disclosed are techniques for determining data relationships between privacy-restricted datapoints, sourced over a computer network, which require data privacy measures concealing at least some datapoints from other clients in the network that the datapoint respectively do not originate from. A first client encrypts a first datapoint with a public key of a public/private encryption scheme and communicates it to the second client along with the public key. The second client encrypts a corresponding second datapoint with the public key, then determines a relationship between the two encrypted datapoints, and communicates the determined relationship to a central client along with the public key. Random noise is encrypted by the central client and added to the determined relationship, then sent together to the first client, followed by decryption by the first client using the private key. The central client extracts the random noise after receiving the decrypted determined relationship.

A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.