There is disclosed a method for deriving shared secret information between a first device (A) and a second device (B). The method comprises: obtaining, by device A, a data set D.sub.A; and obtaining, by device B, a data set D.sub.B. Then, for each of N subsets, D.sub.A.sup.i and D.sub.B.sup.i, respectively of D.sub.A and D.sub.B (i=1, 2, . . . , N; N>1) the following steps are carried out: determining, by device A, a first value, V.sub.A.sup.i=M.sub.A(D.sub.A.sup.i) based on D.sub.A.sup.i, wherein M.sub.A comprises an entropy-reducing function and/or a statistical function; determining, by device B, a second value, V.sub.B.sup.i=M.sub.B(D.sub.B.sup.i) based on D.sub.B.sup.i, wherein M.sub.B comprises an entropy-reducing function and/or a statistical function; and exchanging one or more messages between devices A and B to determine whether a condition based on the first and second values, V.sub.A.sup.i and V.sub.B.sup.i, is satisfied.

Embodiments of this specification provide multi-party data query methods and apparatuses for data privacy protection. One implementation of the methods includes obtaining, from each of a plurality of data owners, attribute value ciphertexts of N target objects to form a ciphertext table, disordering the ciphertext table in units of rows to obtain a disordered table, sorting, in response to a query instruction of querying sorting-related data for a target attribute item in the plurality of attribute items, attribute value ciphertexts corresponding to the target attribute item in the disordered table to obtain a target sorted table, and obtaining the sorting-related data as a query result based on the target sorted table.

A system for verifying the execution of requested computation tasks, delegated by a computerized delegator device, to one or more computerized devices executing the tasks, comprising one or more computerized devices that contain one or more processors being adapted to define an input data for each delegated computation task; add to the input data, one or more computation fingerprints being executable encrypted input control bits, capable of detecting deviation from each requested computation task; allow the delegator to calculate the computation fingerprints once, by executing the requested computation tasks on predetermined random base values, to obtain an a-priori fingerprint result; couple the base values to each requested computation task; allow the one or more computerized devices to execute each requested computation task along with the base values, for returning an output consisting of a combination of a computed task result section and a calculated fingerprint result section; verify the returned output by comparing the a-priori fingerprint result to the calculated fingerprint and accepting the returned output if and only if the returned fingerprint result was identical to the a-priori fingerprint result; and use the a-priori fingerprint result or new verified result to verify further requested computation tasks delegated to the same one or more computerized devices.

The secure join system includes the first and second information-processing-apparatuses respectively holding first and second data. The second information-processing-apparatus is configured to: create third and fourth vectors in which a hash-value related to a key-value of the first data in a first vector and a ciphertext of the first data corresponding to the key-value in a second vector are rearranged by permutation; and create a fifth vector having a hash-value related to a key-value of the second data. The first information-processing-apparatus is configured to: search for j in which a hash-value of an i-th element of the fifth vector matches a j-th element value of the third vector for each i and create encrypted data in which a ciphertext of a j-th element value of the fourth vector is set when j is found and a ciphertext of a dummy value is set when j is not found.

Solutions described herein refer to a lattice-based cryptographic operation, comprising a binomial sampling of coefficients, wherein a randomized expansion of binomial sampling operands utilize a value e.

In one embodiment, an authentication scheme (500) that combines chaotic antenna array geometries with pseudorandom pilot sequences and antenna array activation sequences is provided. A receiving device (110A) receives a pilot signal (130) from a transmitting device (110B) (501). The receiving device computes a unique signature (125) for the transmitting device that captures differences between the received signal and expected pilot signal (503). The differences may be due to a unique antenna array geometry of the transmitting device, a pseudorandom pilot sequence used by the transmitting device, and an antenna array activation sequence used by the transmitting device. Later, this computed unique signature may be used by other receiving devices to authenticate the transmitting device (505; 507).

In the present disclosure, a first authentication module acquires first authentication data in which first authentication information generated based on first identification information specific to the first authentication module and second identification information specific to a second authentication module and second authentication information generated based on the first authentication information, the first identification information, and the second identification information are associated with each other. The second authentication module acquires second authentication data in the same configuration as the first authentication data. The first authentication module transmits the first authentication information of the first authentication data to the second authentication module, receives reply information from the second authentication module, executes authentication by comparison between the reply information and the second authentication information associated with the first authentication information transmitted from the first authentication module to the second authentication module, in the first authentication data, and decides whether or not to continue a communication session with the second authentication module based on a result of the authentication.